Crackers Cause Pentagon to Put Computers Offline

Anarchysoft writes "As many as 1500 Pentagon computers were brought offline on Wednesday in response to a cyber attack. Defense Secretary Robert Gates reported of the fallout both that the attack had 'no adverse impact on department operations' and that 'there will be some administrative disruptions and personal inconveniences.' When asked whether his own e-mail had been compromised, Gates responded, 'I don't do e-mail. I'm a very low-tech person.'"

Keyboard Infestation

I recommend a less-crumbly type of snack, like carrot sticks or celery. Dip is right out.

Re:Keyboard Infestation

I'm handing in my geek card. I actually thought this story was referring to food.

Re:Keyboard Infestation

I'm handing in my geek card. I actually thought this story was referring to food.

That's ok, you were closer than me, I thought it meant that honkeys took over the Pentagon!

Re:Keyboard Infestation

That's ok, you were closer than me, I thought it meant that honkeys took over the Pentagon!

I don't know how to break this to you but...they already had.

Re:Keyboard Infestation

Joking aside, I applaud the article for differentiating between hackers and crackers.

i guess it's true, then

...that the hairdresser's hair is the one with the ugliest haircut.

Not to worry

That hacker will never figure out what to do with the launch codes to the continental ICBM inventory. On the other hand, can you imagine a nuclear attack being started from an iPhone?

Hackers today are jokers

I agree. Hackers today are not ParMasters of yesteryears.
I guess they were just looking to recruit more zombies for their credit card scams and by mistake they stumbled upon the DoD unsecure network.
Heck, half the jokers (who call themselves hackers) can't

Gates onto something??

Gates responded, 'I don't do e-mail. I'm a very low-tech person.'"

Actually, this makes Gates sound stupid but as a general rule don't put sensitive information on computers connected to the internet. The best security is not having the damn wires there in the first place. At the top levels of government, where nation-states are trying to install spyware, intercept and decrypt your packets, and otherwise penetrate your defense, maybe having one of a thousand aides sneakernet it is a good solution.

Re:Gates onto something??

You're right, nothing could ever go wrong having someone physically carrying a message.

If anything can go wrong....

At least when something goes wrong with a sealed message sent over the sneakernet, you'll know that something has gone wrong.
Encryption isn't common in the current internet. And it is possible for someone to copy data and leave hardly any trace that it w

Re:If anything can go wrong....

"Copyright infringement isn't theft." Is copying another state's secrets theft if the original copy of the secrets is still in the original computer?

No, that's still not theft. That's espionage.

Re:Gates onto something??

It explains a lot, doesn't it?

For once, I'm with him.

Email is often ignored these days - in fact, its principal virtue seems to be the fact that it is so easy to ignore until such time (if then) as it suits you.

Mr Gates probably gets more done (as do I, in fact) by picking up the phone.

only weasels and illiterates hate email

For me, its principal virtue is that it serves as a record of what I actually said, and what was said to me. I want taskings and requirements in writing. I'm okay with them changing, as long as I have a record of what I was originally asked so we can track the change in objectives.

I have waaaaay too many memories of supervisors saying "I never said that." Of course, I still have supervisors who want every encounter face-to-face, ostensibly because they feel that email is impersonal. Guess which supervisors have rather flexible memories when it comes to what they did and didn't say to me?

I'll even type up what we discussed right after the meeting and pass it by them to "make sure I understood," and they just reply with "see me." But I push for written records as often as I can. Only weasels and illiterates hate email.

Re:Gates onto something??

In 1914 General Joffre, commander of the French forces, refused to use the telephone, claiming he "didn't understand the mechanism." Therefore he spent hours driving back and forth to the British army headquarters in the middle of a desperate campaign to stop the Germans. It is believed that he feared his words being recorded on the other end without his knowledge.

Re:Gates onto something??

The best security is not having the damn wires there in the first place.

Ahhh yes... the air-gap firewall - works better than anything.

I'm sure Cisco has one for $40,000 they can sell the DHS (empty box with two RJ-45s). They need it. [slashdot.org]

Re:

I am 100% sure that they do separate the classified info (i.e secret and above) from the normal everyday workings. Whether there is a physical disconnect or hardware encryption tunneled in nonclassified lines, I don't know.

Re:Gates onto something??

The best security is not having the damn wires there in the first place.

Exactly. Wi-fi is the only safe way to transfer information safely. Get rid of the wires and we can all relax. And if you can't have wireless, at least make sure there's more space than a nomad. What were we talking about again?

but note the comment about blackberries...

He seemed perfectly fine letting people talk about secret military matters on their insecured wireless crackberries.

Re:Gates onto something??

Gates calling himself low tech is most likely an attempt to deflect further questions. It was well known in his time at Texas A&M that he would personally respond to many emails from students, and as he was leaving the university he made it known that he frequented a popular aggie message board. http://www.texags.com/main/forum.reply.asp?topic_i d=768382&forum_id=5 [texags.com]

Re:Gates onto something??

As a general rule, sensitive information is already prohibited on military computers that are connected to the Internet. If you've ever seen an office in, say, the Department of Homeland Security, you'll notice that they have two or even three systems on each desk; that's because none of those computers are connected to each other. Computers that can touch the Internet can't have anything sensitive on them; computers that might have something sensitive on them can't touch the Internet.

Re:Gates onto something??

In the classified processing facilities I've seen, the PCs have no writeable removable media (CD-ROM drive only, no floppy drive, etc.) and the USB, Firewire, and unused I/O ports are filled with epoxy. And the cases are locked shut with the tamper-detection switch active. And reporting to something like Tivoli or HP OpenView.

Did I mention the network switches also administratively disable any network port that shows a significant interruption in ethernet link status (or change in attached MAC address)? So don't bother trying to switch out PCs either.

Ultimately, I'm sure it can be worked around. Just not very easily, and failing means an espionage trial and a few months or years in federal pound-you-in-the... well, you know.

Re:Gates onto something??

The ones I've seen are as you describe, only with removable drives. The drives with classified data on them are kept in a separate vault, you have to check out the individual drive with the data you need, take it to the secured computer, plug it in and use it, and then check it back in. And they weren't on any kind of a network, they were in a EM shielded room with nothing but electrical wires leading in and out.

but its not even 4th of July yet

Not sure if you call fireworks crackers [acmefireworks.com.au] in the USA, but its the 1st thing I thought when reading the subject.

Uh oh

Another slashdot meme in the making?

"I don't do $technology, I'm a very low-tech person."

Re:Uh oh

Another slashdot meme in the making?

"I don't do $technology, I'm a very low-tech person."

I don't do Slashdot memes, I'm a very low-tech person.

Re:

In soviet russia, emails don't use you!

Re:

I, for one, welcome our new low tech non-email using overlords.

Bad news, sir...

Scene: Secretary Gates's office - dawn

A PERSISTENT BEEPING breaks the stillness.

SECRETARY GATES stumbles in from an adjoining room, bleary-eyed. Another all-nighter of trying to keep the world safe for democracy.

SECRETARY GATES: What the blazes is it now?

He picks up his Big Red Phone.

SECRETARY GATES: Gates here. What is it?

TECH #1: Sir! This is Collins at Central. We've got a situation -- massive DOS, widely distributed. One of the worst yet.

SECRETARY GATES: Damn! Tell me it's not--

TECH #1: Bad news, sir. It's your brother.

BILL GATES: Mwa ha ha ha!

SECRETARY GATES: Curse you, Bill! What infernal scheme have you cooked up now?

BILL GATES: By making Windows insecure and ensuring its worldwide adoption, I now have an army of millions of zombie computers at my disposal! I will instruct them to PERMANENTLY destroy your computer network unless you pay me... <pinky>one hundred BEEEELLYON dollars!</pinky>

SECRETARY GATES: But... you already have billions of dollars!

BILL GATES: Yes, but Mother always liked you better, so now I'm overcompensating. Top of the world, ma!

JAMES CAGNEY'S GHOST: Cut that out!

There's modern reporting for ya

I could think of a million important questions to ask in a situation like this if I were a reporter:

"What specific systems were attacked?"

"Do we have an idea as to who the attackers were? Al Queda? The Chinese?"

"Were any intelligence reports lost? What steps are being taken to ensure the safety of individuals whose data may have been compromised

etc, etc, ad naseum....,

Instead, we get a single insipid question pondering the Secretary of Defense's private email habits and his moderately disturbing technophobic response. Sheesh.

Re:There's modern reporting for ya

The fine article is originally from the AP, which I don't trust if there is anyone else covering the story. It is also simply covering a press briefing from the Pentagon.
Important questions were asked, but the Pentagon simply didn't answer most of them.
What specific systems? All we know is, the DoD Blackberries didn't get hit by this particular attack. We're also told that the Pentagon systems are attacked all the time.
If the Pentagon systems are attacked all the time, then it's likely not an easy task to determine who launched any specific attack. Al Qaeda, the Chinese government, a Chinese cracker working on his own, a mindless virus--who knows?
Whether any intelligence reports were lost or copied is likely classified itself. If the cracker doesn't know whether what he has, or what he destroyed, is valuable, then why should our government tell him?
We're talking about the Department of Defense, remember. They likely don't care about the safety of the individuals whose data was compromised. They had to compromise those individuals themselves to make their intelligence reports!

Re:

> his moderately disturbing technophobic response

You can argue that a person in his position does not have to deal with email. Communicating face to face or by phone is better suited to the job, allows for better relationship building. Any email (reques

Why is Slashdot quoting Time abut Cybersecurity?

Shouldn't it be the other way around?
There's nothing of substance in the article.

My guess is this was related to the MPACK issue [dshield.org], but us nerds knew about that over the geekend.

"Handheld Blackkberries"

Employees whose computers were affected could still use their 'handheld BlackBerries'. OMG that means hackers compromised the Desktop Blackberries

Quit with the "cracker/hacker" bullshit

It's hacker, okay? Hacker. When someone is able to write code to get a computer to do something awesomely good, that person is a hacker. When someone manages to get a computer to do something is awesomely evil, that's also a hacker. If someone builds a spice rack for Gandhi, or a spice rack for Stalin, they're still both carpenters. Trying to frontload the term with your own moral judgment is just a little too newspeak for me.

Flamebaiting the digerati

Now, every other person online will mock him for not knowing how to use email, and being "low tech".
There is no reason why a person should use such new technology, when most of you probably spend all your time sitting of furniture you have no idea how to build (most have no idea how to build a chair that lasts a week), spend a life inside a home with no understanding of architecture or even the most basic ability to alter your surroundings, no ability to fix a broken toilet, repair a frozen refrigerator, fix a broken washing machine, or just replace a window in your house with a new one. And these are things that people live with from their early childhood, unavoidable parts of everyone's lives."Low tech" so to speak.
But when a person doesn't use email? OMG ROFL ROFL ROFL WHAT A DUMBASS NEWB.

Email? Why should he?

Quite a few posters here seem to think Gates is a fool for not using email. To me, that shows an inability to understand his role. He's not a sysadmin or middle manager; he's the head of a huge federal agency. To me, that implies:

• He's very busy.
  
• He has too many documents to read, and too many meetings to attend.
  
• He's supported by able subordinates whose only goal is to increase his effectiveness.
  
• Someone else keeps his schedule.
  
• Someone else types any emails or memos from his office.
  What could someone like that gain from personally using email?
  
  Actually, I wonder how many CEOs use email.

Re:Email? Why should he?

About CEOs, based on rumors and wild speculation, I've heard that Michael Dell does indeed use email, and does it pretty much directly. This is why he has to change email addresses pretty frequently, whenever it becomes known to the wider world and they start sending him hatemail / penis enlargement ads / technical support questions.

In contrast, some other CEOs have catchy, widely-published email addresses, and I can only assume whole staffs of people to read their Inbox and sort the wheat from the chaff. Sam Palmisano (CEO of IBM) used to have an address that was like "sam@ibm.com" or something like that. I thought it was kinda cool, but then realized that anyone sending an email there, thinking a CEO is actually going to read it, is on as much crack as someone who writes to their Senator and doesn't realize that it's going to be read and filed by some unpaid summer intern.

Anyway, although I've never gotten to use them, most of the big corporate email suites (Exchange, Notes, etc.) have features that allow for 'delegation' of people's email boxes to secretaries and assistants. So an executive can have their own address but route all the mail coming into it to an assistant, who can sort through and pass stuff along appropriately. And that's for executives that do any of their own email.

Doubtless, at the very high end of the power ladder, there are people whose time is just so valuable that it's wasteful to ever have them sitting and typing at a keyboard -- it's cheaper to have a well-paid executive assistant actually read, summarize, note the desired response to, draft, and present for approval the responses to, all incoming messages. Whether most CEOs do that I don't know (I suspect not too many, anymore), but I bet that a lot of high-ranking government officials do it that way.

Attack or Counterattack?

That's the question.

The CIAs and NSAs operations are totally secret, maybe they attacked a cybertarget before, and that's the just a counterattack. That's a widely known strategy to control the media. The public thinks their countries computers are attacked by evil guys from whereever because they can't link that event to the secret event done by their own secret service before. So the (counter)attacker looks more wvil ("Hey, why do they hate us???") and the government can use this to raise the fear of the people. Also the computer guys from the services can demand more money for defense of the countries networks.

You shouldn't believe everything the secret services (of any country) make public. Especially when they make something public ;-)

cracker?

How did they know it was pasty white guys?

He has used email

Just FYI, I would guess that the 'I don't use email' statement is mostly tongue-in-cheek, with a mode of truth (e.g. his secretary handles most of the actual process.)

As a student at Texas A&M University (where Dr. Gates was president until 6 months ago,) he communicated with the student body regularly via email, and in fact that was how I first learned of his nomination as Secretary of Defense.

Re:

> I really seems that none of the politicians or bureaucrats in the U.S. government have the slightest clue.

Fixed that for ya.

Re:Gate's quote

If you're a member of the military with some rank, shouting is a much more effective mode of communication. I imagine Microsoft producing specialized keyboards for the military, such as the MS Multimedia Sergeant Keyboard, which defaults to caps lock being always on.

Re:

Seriously, though, the guy's 63.

That's the lamest excuse for incompetence. I'd *almost* buy that if we were talking about some retired grandmother or something.

But saying "the guy's 63", like he's completely incapable of learning is just ridiculous.

Re:

The $600 hammer was explained thusly: A box of miscellaneous parts, including some very expensive high-tech items and some cheap low-tech ones (like hammers), was shipped. By the accounting rules, each item is assigned an identical part of the shipping a

Hammer

The hammer in question was Platinum. Because only platinum does NOT produce sparks [of fire] when struck against other metals in a flammable environment.
The congress critter who displayed the hammer for all to see conveniently failed to mention it was platinum.
Now since platinum looks more or less like highly polished steel from a distance, people took it as ripping off..
The military may be an idiot in many ways: Paying contractors and money? I don;t think they are that dumb.
And the toilet seat incident? It was a bolt-down toilet for a transport plane with ability to prevent automatic regurgitation when the plane does a hoop-a-hoop (throwing poop on crew is NOT advisable in war].
Yes, the military was overcharged. But not to the degree you think. The contractors overcharged by 15% on platinum and 12% on toilet seats.
And the military got the money back.

Re:Hammer

Search for hammer or toilet seats at http://assist.daps.dla.mil/quicksearch/ [dla.mil]
Read the story at http://gutrumbles.com/archives2/001873.php [gutrumbles.com]

And the hammer in question was a Modal Impact Hammer costing $1,000 originally.
Have you bid on government, especially military contracts?

The military *did* pay $600 for a device that had a handle on one end and a striking surface on the other, but that was a 'hammer' in the same way that a mainframe computer is an 'adding machine'.

The specs for an Ashtray are similar to specs for an F-22 Raptor (the spec book outweighs the ashtray) because the military is so exact in its specs.
To make them, contractors often have to specially have special plates/machines which can't be used for anything else often.

Yes i agree that there are wastages and contractors earn a lot. But it is limited to KBR, Halliburton variety, the majority of other contractors are mom-and-pop variety with sales less than $2.5 mil annually and actually struggle.

Re:oh lord

The dude who pulled this off was black! But The Man will never give credit for something this big to a brother.

Re: 'I don't do e-mail. I'm a very low-tech person

And why is the ability to use email now a yardstick for someone being capable to do their job? I flew aircraft, using email was totally irrelevant. Nor is it a critical skill for a shopkeeper, a gardener, a fireman or a million other tasks. Sure, they can all use it if they wish to do so, but it does not affect their ability to do their job. I commanded large groups of people and I didn't need to use an email to do it. Lots of information had to be written down but an email was NOT an acceptable format for a set of orders, an intelligence assessment, a personal report on a subordinate or a request for leave. In my environment, you had to be able to write correctly and accurately, using a big boy's pen. Yes, it could be typed, using a traditional typewriter or a computer, but it still didn't need an email to do it. For security reasons, the vast majority of the computers that I used were either standalone or on very limited networks. The email facility, if used at all, wasn't always high up on the list. You probably work in something connected to computers, hence your interest here on /. You are probably interested in technology and other geek pursuits. It might be important to you, but that doesn't make it important to others.

Re:You know what bothered me most about that story

What in Hell are those guys doing if taking 1500 'puters off line doesn't affect operations? Should those 'puters even BE on-line then?

I love it when they get it wrong.... It was 1500 accounts, not computers. Get the story from a real IT news source [news.com.au].