Inside the Secret War Against Internet Spies

Posted by Soulskill on Thu Apr 10, 2008 06:07 PM
from the war-on-malware dept.
ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting: "The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"

Related Stories

[+] Your Rights Online: US Government to Have Only 50 Gateways 150 comments
Narrative Fallacy brings us a story about the US government's plan to reduce the roughly 4,000 active internet connections used by its civilian agencies to a mere 50 highly secure gateways. This comes as part of the government's response to a rise in attacks on its networks. "Most security professionals agreed that the TIC security improvements and similar measures are long overdue. 'We should have done this five years ago, but there wasn't the heart or the will then like there is now,' said Howard Schmidt, a former White House cyber security adviser. 'The timetable is aggressive,' he said, but now there is a sense of urgency behind the program. Small agencies that won't qualify for their own connections under TIC must subcontract their Internet services to larger agencies."
This discussion has been archived. No new comments can be posted.
  • You PWN3D my Empire! (Score:5, Interesting)

    by Jeremiah Cornelius (137) * on Thursday April 10 2008, @06:11PM (#23030808) Homepage Journal
    Funny, Booz Allen might like to take a leaf from the Northrop-Grumman playbook and charge the Chinese for this information!

    Let's get this straight.

    Northrop-Grumman or General Dynamics or any D.o'D. approved private contractor can post anything they like about future combat systems on their websites, and even sell secret weapons systems to Saudis or the UAE or anyone else who can buy, but for anyone else to do it is an infringement of national security.

    Also, the private contractors can preferentially hire non-nationals, who work diligently and are key to the development of these systems, instead of American citizens who might be disturbed at the nature of what the private contractors are doing in the name of national security, but that's the free market.

    So, if I remember correctly, didn't something happen in Germany in the 1930s that caused its brightest physicists to flee? And didn't the same imperial hubris that caused Germany to persecute the people who might have made it an economic power after WWI really cause it to enter- and lose- WWII?

    Just askin'. I just wondered what the Party line was these days.
    http://spacetimecurves.blogspot.com/2008/04/pearl-clutching-by-master-race.html [blogspot.com]
    • Re: (Score:3, Insightful)

      I find it amusing that these articles portray the US as some kind of noble victim in online warfare, as though a) the US is not the most aggressive player in international geopolitics and b) the US has no cyber warfare program of its own.

      Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heroes defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?
      • by Jeremiah Cornelius (137) * on Thursday April 10 2008, @06:26PM (#23030956) Homepage Journal
        "Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heroes defending liberty and freedom"

        Yes. Products of the American "education" system.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        these articles portray the US as some kind of noble victim in online warfare

        [citation needed]

        I read the article quickly, and I did see that it describes attempts to penetrate US systems, from a US point of view. But I didn't happen to notice any editorializing about US nobility, or any suggestion of a lack of a US cyber warfare program.

        Sure it wasn't in your head? Go ahead and criticize US policy. Criticize the article too, if you think it's poorly written. But you're criticizing the article based

        • "Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision."

          The FoxNews demographic. Earnest, well-intentioned, poorly-informed, misguided and wrong.
          • Sometimes right, sometimes wrong, I think - like all things in life. It's the politicians who are most responsible and the politicians get elected by people who believe them - i.e. the public.

            I bet some of them are clever and some are not. All you can say is that there must be more heroes in the Military than in most other professions because it's about living or dying. Being prepared to take big risks is something that's impossible not to respect.
            • Thiaq said: "Being prepared to take big risks is something that's impossible not to respect."

              I disagree. Any idiot can be prepared to take big risks - casinos, hospitals, prisons and morgues are full of them.

              In my opinion you get respect for knowing WHEN and HOW to take big risks - not just being willing to risk your life and/or livelihood. Sometimes (as is the case for many in our military) you take a huge risk to your livelihood (and freedom even) by deciding to refuse to take part in something you feel is
            • No, they are all conservative too. Just less so. Maybe even conservative/Democrat. See, the major media is all owned by rich people. Rich people tend to be conservative. They like to use their news outlets to convince us all that their interests are our interests.
            • My characterizations, which I think are reasonable here:
              MSNBC - liberal/Democratic
              CNBC - somewhat conservative (more bias towards its investor audience)
              CNN - fairly neutral (but concentrated on horse race politics)
              PBS - Tries to remain neutral, is generally caught between the liberal individual donors and the conservative corporate and foundation donors
              CBS - no news organization to speak of
              C-Span - The most unbiased source imaginable, since it shows what politicians are saying and doing rather than commen
      • by Oligonicella (659917) on Thursday April 10 2008, @06:59PM (#23031232)
        The fact that you can even post this without boots at your door shows that those young heroes are indeed defending your liberty and freedom. "The rest of the world" is not one entity, but myriads. Many of those would gladly take you out and put a bullet in your head for your beliefs and speech.
        • Give 'm cheap, "free speech". Then they'll believe they have real liberty, and low motivation to actually pursue a government by, for and of the people.
          • The fact that I can post this without boots at my door means that a) we're still in the nascent stages of dictatorship formation and b) I don't live in the US.

            kthnx.


            You don't live in the US? Wow--way to blow his argument apart...except nowhere did anyone say the US was the only place that had free speech.
            • One would assume that the US can't (yet) put boots at the door of someone not living in the US. Unless of course they're chasing media pirates. Arr!
      • Re: (Score:3, Interesting)

        Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heroes defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?
        My grandfather, and probably anyone else who was around when it was still true.
      • 'Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heroes defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?'

        Yes but only if Hollywood makes a movie about it and shows it world wide.

        I debate with people from all around the world on Internet forums, most of them cite examples from Hollywood movies. Then they think that the USA must really be like what they keep seeing in movies about the USA. Like Forr
        • Re: (Score:3, Informative)

          Yeah the USA doesn't do cyber warfare because we see it as unethical and illegal and immoral

          http://www.afcyber.af.mil/

          You were being sarcastic, right?

      • Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heroes defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

        Americans are arrogant, it is true, and boneheaded and sometimes selfish, and in international relations we try to get our way. The government is just a reflection of the people.

        But at heart we are good. We aren't trying to hurt people, and we help them out when we can. We send billions of dollars to foreign countries in aid. You may say it's not enough, but realistically we don't have to send any. Americans individually donate as much or more money to charity as any other country in the world.

        Sure w

        • Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home.
          • Re: (Score:3, Insightful)

            Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home.

            Um.....I think you are a bit confused about how feudalism works. You see the idea is the underling gives money and tribute to his feudal Lord. You don't buy feudal allegiance with money, you get it by promising not to destroy the country.

            Maybe this is not what you meant. Maybe you picked the wrong words; but you will get a lot farther using words that represent what you actually mean rather than picking words that sound sensationalistic and are clearly an exaggeration.

            America isn't perfect by any s

        • Re: (Score:3, Insightful)

          Billions in aid? Perhaps you need to have a good, hard look at just how USAID operates, and the role the IMF plays in global development with its so-called "development loans".

          Oh, and the tone of your message is basically "Sure we killed millions of innocents and plundered natural wealth to which we had no legal or moral claim. But hey, at least our heart was in the right place!".
          • Where are you getting this 'millions of innocents' killed? In Iraq? Even the most pessimistic study of civilian casualties puts the number far below a million.

            The US does many good things. Have you never heard of the Peace Corps? Do you think it would be better if the US didn't give out any money? Nobody is saying the US is perfect, or even that they are unselfish, but to ignore the good and only focus on the bad helps no one and misrepresents reality.

            Incidentally, the intent of my post was not t
            • Have you never heard of the Peace Corps?

              Yes, I know quite a number of people who left it, describing it as just another appendage by which the US government wields influence over foreign nations. Have you ever travelled with the Peace Corps? Not being a US citizen I can't officially do so, but I've been with them before, and met many, many members.

              Do you think it would be better if the US didn't give out any money?

              Actually, that's precisely what I'm saying.

              It is to point out that despite the bad things in

        • You know, the more I read this hatred and contempt from our Euro-zone âoeallies,â the more Iâ(TM)m inclined to realize that George Washington had it absolutely right regarding âoeforeign entanglements.â OK, youâ(TM)ve convinced me...
          Quit posting to Slashdot with MS Word as your editor!
    • So who are we at war with again? Eurasia or Eastasia?
  • by bluemetal (1269852) on Thursday April 10 2008, @06:12PM (#23030818) Homepage Journal
    For every defense there is an attack, and every attack a defense. These military types should know this better than anybody else. It's a battle they should be prepared to fight as it was only a matter of time before it happened. And of course, it will cost yet more resources to mount this defense (or as the case may be, an attack against the attackers) and somebody is going to have to pay for it. As always, technology is a double-edged sword.
    • Of course the military and others want to make Joe Sixpack scared. A scared citizen readily hands over funding, privacy etc.

      The end of the Cold War was a huge threat to careers and funding in the CIA, military and govt contractors. Need those Iraq wars, terrorists and hackers to keep the whole war machine going.

      The military industry is not the only one that works this way. The medical industry is catching on too (bird flu) and now the whole greenwashing industry (global warming etc).

  • Spy vs. Spy (Score:5, Insightful)

    by mfh (56) on Thursday April 10 2008, @06:14PM (#23030832) Journal
    Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.

    Also, spies would rather have infrastructure INTACT, so they can exploit it easily. They are lazy humans, like you.
    • by virtual_mps (62997) on Thursday April 10 2008, @06:35PM (#23031026)

      Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification
      I'm missing what is doubtless a deep and subtle point about spies and birds.
      • by EdIII (1114411) * on Thursday April 10 2008, @06:45PM (#23031126)
        He may have meant "ontological" but goofed it up instead with a scientific reference to the study of birds :)

        I could see him thinking about spies, and birds being like spies, and then screwing it up. What I find funnier is how many people will skim over that sentence really quickly and find it smart and intelligent sounding, while never really understanding what ornithology or ontology really is.
        • I assumed it was a high-falutin' version of "birds of a feather". The kind of thing I would say... :)
        • At least he spelled it right.

          What's worse is disagreeing with someone and spouting, "just read these 14 URLs comprising 347,958 words and you'll find out how stupid you really are" rather than putting effort into making some clear statements and taking the time to put coherent thought into words.

          There's not much worse than copypaste advocacy but it's all the rage with those who tend to refer others to talking points and narratives.
    • Re:Spy vs. Spy (Score:5, Interesting)

      by PopeRatzo (965947) * on Thursday April 10 2008, @06:41PM (#23031080) Homepage Journal

      Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.
      Great point.

      And just because we're worried about "internet spies" let's not forget that there are plenty of the old-fashioned variety out there, too.

      For example, how many of us know that 15 Bush Administration officials, including Sec'y of State Condi Rice, have just been subpoenaed in the oft-delayed Franklin/AIPAC/Israel Lobby spy case. Even though it's common enough to come up in Google search auto-complete, it hasn't been mentioned on any US media.

      The difference is now the people that are spying on us are employed by the ones that are supposed to be working to protect us.

      And even if we caught every single spy, who among us feels we could trust our Department of Justice to prosecute them with any integrity? Hell, if there were any justice, the top law enforcement appointees (John Yoo, Alberto Gonzalez, Michael Mukasey, etc) not to mention their bosses, would be the ones facing trial.
    • I'd like to know what they are counting in those numbers. We probably have that many attacks per year on our dozen or so systems with all of the script kiddies running their dictionary attacks against the FTP server we use for getting business cards and flyers to the print shop. I can pull a large number out of my backside and claim the sky is falling as well as the next guy.
  • by Gat0r30y (957941) on Thursday April 10 2008, @06:15PM (#23030852) Homepage Journal
    And if these spies are doing a good job, it'd be awfully hard to catch em. Of course if this is any indication [slashdot.org] it couldn't be terribly difficult to gain access to sensitive information.
  • When I worked at Boeing (and before that the Army) - if you had secret plans, you didn't keep them on a box that was open to the Net.

    The problem is that they're not even following their own rules - Win boxen have never been approved for holding Net-connected data - only in a stand-alone environment are they even considered, and even then in a secure room with full security protocols enforced.

    We used to lock down our drives too. In locked cabinets. When we went home.
    • Re: (Score:2, Interesting)

      I'm a little fuzzy about this. I assume your comments are referring to Boeing policy.

      Windows boxes have been allowed on the SIPRNet and JWICS since before I started my IT career. NT 4.0 was NIAP approved ages ago to do so. While those systems (arguably) aren't connected directly to the net, their boundaries have greatly expanded over the last 5 years to areas outside of military control.

      The only drives that are locked up at night (in my environment) are ones that are used for desktops in non open-storag
      • by zappepcs (820751) on Thursday April 10 2008, @08:28PM (#23031774) Journal
        Not sure about all that, but when I had my TSEC it would not have been allowed to open secured data traffic to the Internet in any way shape or form. ELINT (USAF electronics spy types) would have laughed at such, then eyed you suspiciously for suggesting it. The military, my friends, is securely running on a darknet which requires more than will power and a h4x0rz kit to get into. This is all about scaring up some more money and a few more personal freedoms in the name of security from the evil terrorists, only this time it's a run up to take away some of your online rights and privacy. Don't even be fooled by the bullshit.

        If the military was as susceptible as they might lead you to believe, they'd still be trying to stop spam emails from pouring out of the RNC servers. Holy shit man, if they were hackable someone on the NYT would already be posting the 'lost RNC emails' if you know what I mean... geez
      • Even so, if a contractor is given access to classified info, the problem is that info is finding its way onto internet connected machines.
        • Re: (Score:2, Interesting)

          by Anonymous Coward
          I find that hard to believe. SIPRNET, for example is locked away, in a room, not connected to the real world. And if anyone goes in to said locked room, they have a security clearance. And they damn sure don't walk in with any form of transportable media (thumb drives). Policies, such as the data at rest policy, prevent things like this from happening very often.

          My apologies for posting anon, but I have mod points and I work for the Navy.
  • by jhantin (252660) on Thursday April 10 2008, @06:21PM (#23030908)
    Back in Reagan's day, our intel folks [cia.gov] managed to slip the Soviets a surprise that would have made Jokey Smurf proud [msn.com] with their bundle of purloined technology.
    • However it didn't work. Despite many efforts in that direction the USSR didn't play ball and decided to completely opt out of the attempted restart of the cold war and various efforts to turn it into a shooting war. It was really over before Reagan got in and abandoned diplomacy for a practical demonstration of Nixon's "madman theory".
  • by Ungrounded Lightning (62228) on Thursday April 10 2008, @06:23PM (#23030920) Journal
    Some of this is no doubt spear-phishing. (Deploying newly-retuned spyware selectively against a target rather than globally, so it slips past signature-based malware detectors.) But I'd bet that most of this stuff is based on the malware developed for botnet-spamming and DDOSing, regular Phishing, etc.

    We have a multibillion-dollar industry based on corrupting computers and stealing selected information from them, which the governments have virtually ignored while its techniques were honed. Now their own military secrets are the target of a similar attack. Any bets on whether it is built on the same code base?

    Too late now, guys. The enemies' cyber-warfare departments now have the technology.

    But I bet that, if you start finding and closing the barn doors even after most of the horses are gone, you'll find enough fingerprints and tire-tracks to trace down who did it. Hunt them down and take them out, and you'll eliminate a bunch of the talent that would otherwise be developing the technology further.
  • by ColdWetDog (752185) * on Thursday April 10 2008, @06:26PM (#23030954) Homepage

    The e-mail message addressed to a Booz Allen Hamilton executive was mundane--a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.
    OK, so a contractor gets a random email asking for *something*. The email has a keylogger as an attachment. The executive doesn't activate the keylogger.

    Western civilization was saved from the abyss.

    Who doesn't think these things happen all of the time. I would be upset (in a general way) if our enemies didn't try that sort of stuff. And sneaking in via the side door. And the hot secretary. And countless other bits of espionage craft. Keep up the firewalls men! Loose lips sink ships. Watch them commies, you never know what to expect. Let's have another iPhone article, shall we. It's been maybe 24 hours since the last one. I'm getting bored.

  • Why are these Defense contractors using unencrypted email, and Access "to manage big batches of data"?
  • They are so hard to find. And they keep stabbing me in the back [youtube.com] :'(
  • by Anonymous Coward on Thursday April 10 2008, @07:35PM (#23031506)
    Timely and new sensitive data, and various top secret technology always seem cool enough to make the front pages of such espionage stuff. But I'm surprised they aren't speaking of some more mundane channels of attack.

    Wasn't "The military marches on its stomach." some historical quote that was attributed to Napoleon? Anyhow, where I'd keep an eye out for cyber vulnerabilities is in the logistics chain. All it'd take is someone to get into the requisitions, inventory, and procurement channels and they could make all hell break loose. Frozen fish in the place of ammo, livestock sent to some other place, 100 screwdrivers and bomb fuses to an office that only does paperwork, etc. Not only can such things waste resources or man hours to correct, but it can cause negative economic consequences for contract vendors. Stupid shit like that could get old really fast.

    Hopefully the military brass has enough sense to ensure strong verification when dealing with civilian contractors in the supply chain (and via internal supply channels). Also there should be some means to ensure the trustworthiness of supply contractors, as some purchase orders might have the possibility of indicating potential for action, etc.

    On the other hand, this would potentially be a great way for the U.S. to attack any adversaries too. The more bureaucratic, thick, and mundane an organization is - the more opportunities for logistics data mayhem. False requests will tend to look more "reasonable" under such systems.
      • Yeah the supply chain of the US military is already so crappy that it'd essentially absorb any sort of attacks, from what I've seen. Most of the time, you have none of the stuff you need, and much of the stuff you don't need. Usually, you rig the miscellany to get what you want, which sucks.
  • Why are any of these sensitive networks connected to the Internet? It's just the ultimate in stupidity. Like the hackers who broke into the power grid in a day. Why the hell is the power grid being hooked to the Internet? They may as well install webcams in all the Pentagon offices so we can see what they are doing all day.