Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security The Military

Significant Russian Attack On US Military Networks 270

killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. "The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"
This discussion has been archived. No new comments can be posted.

Significant Russian Attack On US Military Networks

Comments Filter:
  • by Viol8 ( 599362 ) on Friday November 28, 2008 @10:22AM (#25916121) Homepage

    ... to have sensitive systems directly connected to the internet?

    Oh , wait...

    • Re: (Score:3, Insightful)

      Ban on flash drives ... doesn't seem they came in through the internet.

      (btw : of course the military has computers connected directly to the internet. They created the internet. The remaining systems are only sensitive in the economic sense of the word though)

      just my 2c

      • Re: (Score:3, Insightful)

        by theaveng ( 1243528 )

        How do we know this attack even happened?

        Supreme Commander/General Eisenhower warned us to be wary of the military-industrial complex's desire to create wars just to keep themselves in business, and we already caught them in a recent lie (WMDs in Iraq that never existed). How do we know this "computer war" happened and is not just another made-up story to try to get trillions more dollars & keep the military-industrial companies employed?

        I work for these people, and frankly I don't trust them. I'd per

        • by zappepcs ( 820751 ) on Friday November 28, 2008 @11:03AM (#25916423) Journal

          The other side of the coin is like this:

          How do we know that it's not retaliation for an attack on Russian computers that originated from US military networks?

          When we start hearing news stories about computer attacks from Latvia, Peru, or some small country in the far east perhaps they can be believed. Right now the news is all about attacks from people that the current administration would like to demonize. That makes the believability of these reports a little less than zero IMO. It sounds like pure propaganda at this point. If it is real, it's probably part of a cat/mouse game that we've been playing with them all along. Anyone who has been in the US military knows that we play war games all the time with Russia. Look up news on the USS Augusta, search for news about submarines a week before and after, you'll see that it hit a Russian sub in a bad game of chicken. Why would computer networks be any different? I bet there are teams of IT people that set up honey pot networks just for this kind of war game. It would be stupid to believe otherwise.

          • by peragrin ( 659227 ) on Friday November 28, 2008 @12:35PM (#25917105)

            well the simplest solution is to look at non US news sources. frequently the BBC posts stories about US military hours before american news outlets do. Pull your head out of your arse, and look at some else's news for a while. France while a some what ally will publish news that American news outlets won't as they are considered "sensitive" or not news worthy(read latest actress scandal is more important).

            • by OeLeWaPpErKe ( 412765 ) on Friday November 28, 2008 @02:25PM (#25917895) Homepage

              *sigh* this is just so stupid it's hard to decide where to begin, but I'll try :

              When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.

              AP stands for associated press, which is not American
              AFP stands for "agence france-presse" which is french.

              They cooperate with one another, hardly ever making double coverage, so in practice an article with AP under it might have come from AFP. They both translate those articles in over 30 languages, and give their clients, like cnn, the right to copy them verbatim.

              So 1/3rd (in theory, in practice more) of all the news you see has been collected by French reporters, or at least reporters paid by french people.

              You will find nearly all news duplicated across the atlantic in practice. Everybody agrees having a singular entity collect all news is a terrible idea. Everybody also agrees that it's cheaper, so it wasn't a contest at all.

              Also keep in mind that e.g. during the Israel-Lebanon (or rather Israel vs Lebanese terrorists that Lebanon couldn't (and can't) deal with, who are therefore in massive violation of just about every international treaty by their existence alone), AFP hired a Hezbollah "kolonel" to collect news for them (he had very good access to the battlefield, you see, and he didn't tell AFP about his position). This is then passed of as "impartial" information.

              But the sad reality is, there isn't any alternative to them.

              • by adam.dorsey ( 957024 ) on Friday November 28, 2008 @03:46PM (#25918485)

                When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.

                Reuters

              • Re: (Score:3, Informative)

                by chrb ( 1083577 )

                AP stands for associated press, which is not American
                AFP stands for "agence france-presse" which is french....

                So 1/3rd (in theory, in practice more) of all the news you see has been collected by French reporters, or at least reporters paid by french people.

                Do you really believe that this is true? For a start, the world's largest broadcasting news gathering organisation is the BBC, which is British. Secondly, I was under the impression that U.S. news broadcasters mostly ignore international issues an

              • Re: (Score:3, Insightful)

                by peragrin ( 659227 )

                a few years back when the american Sub hit a japanese fishing trawler, I heard about it from the BBC 3 hours earlier than CNN, FOX, or NBC began to air what happened.

                the AP had it but it wasn't news worthy for hours afterwards. I didn't say other news sources wouldn't be biased as well, but if you want to know what is happening in the USA try an external news source first.

                Another point the hotel shooting in India. the USA news sources are focusing 90% of their coverage on the 3 americans inside, more or e

          • by Sloppy ( 14984 ) on Friday November 28, 2008 @12:55PM (#25917237) Homepage Journal

            How do we know that it's not retaliation for an attack on Russian computers that originated from US military networks?

            I'm not sure it matters. Whether US military computers were choosing to load and execute foreign code as a result of a foreign first strike, or a foreign counter-attack, we still have the situation that US military computers are loading and executing untrusted code, and apparently unsandboxed, so that it ended up mattering.

            I don't care why it happened at the political level; I care about why it's happening at the computer or operator level. People using "important" computers shouldn't be doing that, nor should their computers be making it easy for them to do that.

            No matter why the military computers were attacked, the fact that the attack worked proves incompetence.

          • Re: (Score:3, Insightful)

            by Pros_n_Cons ( 535669 )
            Yes lets forget about the Russia's recent aggression into Georgia
            Lets also pretend Russia isn't going to finish building Irans first nuclear plant in 2009
            Lets not acknowledge that Medvedev just signed a nuclear deal with Venezuela
            Lets forget all the recent _obvious_ Russian aggression against the United States and just skip to the part where you make up facts out of thin air about the US attacking Russian computers. Then lets take this big steamy pile of B.s. and mod it plus 5 cause its anti-american and
            • Re: (Score:3, Insightful)

              by zappepcs ( 820751 )

              Well, since your handle is 'Pros_n_Cons' perhaps we should revisit the news:

              Georgia started the strife with Russia - not the other way around.
              Russia has been trying to get in on Iranian nuclear power to sell them stuff for a long time. The politics of the middle east is complex enough that no slashdot post will explain it all. Russia still needs warm water ports. Iran is a strategically valid place for them. Russia actually offered to help settle the sabre rattling over nuclear power in Iran by assisting wi

        • by El Torico ( 732160 ) on Friday November 28, 2008 @12:08PM (#25916937)

          I work for these people, and frankly I don't trust them. I'd personally be happy to give up my job in order to bring the Congressional budget into the black & reduce taxpayer burdens, but I know many of my colleagues would not. They want to keep their jobs regardless of cost (or lies).

          I don't trust any upper-level manager in any industry, but especially not in DoD contracting, and I certainly don't trust DoD civilians to be honest or competent.
          This is taking place during the transition between Administrations, so someone at the DoD hierarchy wants to make a show about how they are "protecting America" when everyone in the commercial sector dealt with the agent.btz trojan quietly months ago.

        • "I work for these people, and frankly I don't trust them."

          So leave. Obviously, you have no issue taking home a paycheck from the folks you don't trust. Which, by the way is supporting their cause.

          "budget into the black"

          Sorry, but if it makes it into the black, I want my money back. Zero should be the target, not profit.

          Look, it is very necessary to put information to a litmus test. The press doesn't really do it since they inject so much personal agenda it becomes hard to find the "real" facts. However, whe

        • Re: (Score:3, Informative)

          Easy to keep the military systems safe, don't plug them into the internet...that way people all the way from Russia wont be able to hack them if there is no access....it would only be something from within, and this we already have a budget for, not need more money for it as a separate expenditure

        • by lysergic.acid ( 845423 ) on Friday November 28, 2008 @01:00PM (#25917259) Homepage

          while i don't doubt that electronic warfare is being actively developed by other nations (i'm sure the U.S. armed forces aren't the only military interested in, or actively developing, electronic warfare tactics), i wouldn't put it past the MIC to exaggerate the risk of electronic attacks in order to manipulate the public. it certainly wouldn't be the first time the public was mislead about our nation's defense in order to funnel tax dollars into unnecessary defense projects. and now with war logistics being an more lucrative than ever through the Logistics Civil Augmentation Program [corpwatch.org] (LOGCAP) and its cost-plus award-fee contracts, even more more private sector companies have a vested interest in seeing a renewed Cold-War-type international tension and corresponding military spending.

          it's just too bad Americans never heeded Eisenhower's farewell address [wikisource.org]. of course, if more people working in the defense industry were truly patriotic, they'd all be as morally enlightened as you, and the MIC wouldn't exist.

      • But that was before every wannabe script kiddy used it. I would have thought they'd have had a seperate disconnected military network of their own by now.

      • by Jeremiah Cornelius ( 137 ) on Friday November 28, 2008 @10:54AM (#25916357) Homepage Journal

        These are professional liars, folks! This is a part of the Military disinformation effort - so publicly trumpeted right here on Slashdot - not so long ago.

        If there had been any such REAL significance to this 'attack', do you think that it would be published and publicly acknowledged? There are very minor cold-war-era incidents and slip-ups that are still highly-classified, and never acknowledged.

        I suppose this to be a non-event of ordinary malware, that is being used to:
        1) Shape public opinion and generate suspicion
        2) Justify restrictions on the Internet access/speech of military personnel
        3) Profit!

        Remember: In Soviet America, Military Network Attacks YOU!

    • by Nursie ( 632944 )

      Did you mean "isn't".

      Because right now your "Oh, wait..." is redundant.

    • They Aren't. (Score:3, Insightful)

      by maz2331 ( 1104901 )

      The US military is not stupid, and does take systems security very seriously. What would look like ultra-paranoid behavior to a civilian may well be fully justified in the military world.

      The reason is simple: any breach, leak, or DoS can result in somebody being killed, operations foiled, or even wars lost.

      Security people have to guard against known threats and techniques, which are very challenging, plus unknown ones that nobody has even thought to consider. Being able to trust the technology that they ar

  • by mrbcs ( 737902 ) * on Friday November 28, 2008 @10:22AM (#25916123)
    So umm, how's that Vista working out for you? What'd they use for the attack? Solitaire?
  • by MadMidnightBomber ( 894759 ) on Friday November 28, 2008 @10:28AM (#25916165)

    $100/hour to install air-gap firewalls on sensitive/classified networks. (Includes rental of scissors.)

  • by UltraAyla ( 828879 ) on Friday November 28, 2008 @10:28AM (#25916167) Homepage
    Just remember that just because it originated in Russia does not mean that this was a Russian Government attack (though it could have been known about and ignored by them if it wasn't) - it just happens to have been in Russia - the headline is a little misleading in that sense.
    • Just remember that just because it originated in Russia does not mean that this was a Russian Government attack (though it could have been known about and ignored by them if it wasn't) - it just happens to have been in Russia - the headline is a little misleading in that sense.

      But surely there are just evil dudes and dragons beyond our borders jealous about our freedoms (ignore DRM, unwarranted phone snooping, etc for this argument)? I know for sure that there are ice dragons and Igloo dwellers to the north. To the east there is meant to be an old continent, but I am yet to be convinced of its existence. ;)

      • Yea we have it tough in America (DRM, IP rights, a well publicized illegal actions by the government). I much rather live in a country that will kill you if you say something unpatriotic loud enough, or just reported it.

        • Re: (Score:3, Interesting)

          by Omestes ( 471991 )

          Yes, there are countries worse than us, much worse. But, there are also countries better than us. I find it odd that we went from claiming "We're the bastion to freedom" to claiming "We're not as bad as random Muslim theocracies, and some African anarchies, and perhaps China!". We should be striving to be the most free country in the world again, and not just mediocre.

          As for all of our other metrics, we're failing. Sure, we're better than Congo, but who isn't (besides the Congo)? Its like murdering som

    • by Detritus ( 11846 ) on Friday November 28, 2008 @10:43AM (#25916269) Homepage
      It would be equally silly to ignore the fact that China, Russia and certain other countries have well-funded technical and military intelligence collection programs that have been running for many decades, and explicitly target the United States.
      • Re: (Score:3, Insightful)

        by UltraAyla ( 828879 )
        You're absolutely right and I completely agree - I'm not saying that this wasn't sponsored by or carried out by a foreign nation, but that we should not conclude that this is the case. It is very likely that this attack was from a foreign nation, and if it wasn't, there will be others.
      • Re: (Score:3, Insightful)

        by Venik ( 915777 )

        In this case one should also remember that the US has similar programs that explicitly target Russia and China. And so, perhaps, it would make sense to better protect one's own networks than to blame the Russians and the Chinese for every security breach. Even if they are responsible. Especially if they are responsible. This way the Pentagon may only appear vulnerable, as opposed to vulnerable AND incompetent.

    • Not only headline is misleading, RTFA clearly states that source of the malware is not identified.
      And this wasnt targeted attack I assume, some stupid fuck just ran piece of malware on secure computer and it spreaded.
      Of course to make things big and get money on "cyberdefense" there should be some country to blame.

    • by blhack ( 921171 ) on Friday November 28, 2008 @10:56AM (#25916373)

      I'm not sure how things work in Russia (if the state owns the networks or not) but wouldn't it be the ISP or bandwidth provider ignoring this?

      I know, I know, ISPs can't (and shouldn't) be held responsible for this sort of thing, but just jumping at the Russian government because technically the copper(or fiber, or whatever) exists in Russian territory is a little bit silly IMHO.

      Really the only way that we could hold a foreign government responsible for the actions of their citizens on the Internet would be to expect government oversight on all the packets floating around on the networks that exist within their territories. I highly doubt that there are many people on slashdot that would advocate that.
      Really, the Internet needs to exist separately from real-world governments. I know that some are in favor of having no regulatory body of any kind on the networks, but I think things are starting to get out of hand. A government that exists for the internet only is starting to make sense, especially since people who have studied traditional, physical-world-based law have generally don't know head from ass when it comes to computer networks.

      • The global ramifications of this stance are more nuanced than that. It would be a sign of good faith if the Russian government were to prosecute the parties responsible for an attack on a foreign military body. Conversely, it is a sign of complacence if they do not.

        Basically, the problems that the network can create are too many and too serious for the governments of the world to ignore. This doesn't mean 'Net Neutrality is impossible, but it means security reforms is going to have to happen sooner
    • Re: (Score:2, Interesting)

      by methamorph ( 950510 )
      It doesn't even mean that the ones behind the attack are russian nationals. For all we know it could be americans using 0wned computers in Russia.
  • by threeturn ( 622824 ) on Friday November 28, 2008 @10:29AM (#25916171)

    I love the way these things are always spun as if they are significant military attacks coordinate by the foreign government or their agents. Is there any evidence that it isn't just a few bored teenagers who happen to live in Russia and think it would be fun to try and hack the US DOD?

    • by Steauengeglase ( 512315 ) on Friday November 28, 2008 @10:38AM (#25916237)

      After all that went down in Georgia, I think it proves that there really isn't that much of a difference between the two.

      • by BCW2 ( 168187 )
        You would think that what happened with Georgia would highlight the fact that the Government of Russia hasn't really changed in 90 years.
        • Re: (Score:2, Insightful)

          by Dramacrat ( 1052126 )
          Yeah, it defended itself from an invasion just as it did in 1941. You're right, nothing has changed, nor should it.
        • 90 why pick such an odd number?

          The Russian Empire was doing a lot of really bad stuff way before the USSR was even thought of. Of course, the British Empire, the Japanese Empire, the French Empire etc. all imposed by force their rule of law.

      • by tzhuge ( 1031302 )
        I don't really understand what you mean by that so I don't feel terribly informed. Could you elaborate a bit? What happened in Georgia was a gong show all around, but that aside, I would consider the South Ossetian separatists to at least be Russian backed (i.e. their agents). So I'm not sure how that demonstrates 'a few bored teenagers who happen to live in Russia' are effectively the same as the Russian government or their agents.
      • by Erikderzweite ( 1146485 ) on Friday November 28, 2008 @03:52PM (#25918541)

        And what do you thing has happened in Georgia? To tell the long story short -- Russia has stopped a Georgian assault on its citizens (most people in South Osetia have Russian citizenship) and made Georgia return to negotiations with South Osetia.

        The propaganda machine is working very well though. Next you'll tell that the Russians have violated Germany's sovereignty in 1945 and made their democratic elected leader commit suicide.

    • by pubjames ( 468013 ) on Friday November 28, 2008 @10:41AM (#25916261)

      It probably is some windows worm or something written by a script-kiddie. But to admit that would be to embarrassing, so they make it out to be a big deal.

      Like that poor Brit who was looking for info. about UFOs.

      • by Kent Recal ( 714863 ) on Friday November 28, 2008 @11:21AM (#25916541)

        It probably is some windows worm or something written by a script-kiddie. But to admit that would be to embarrassing, so they make it out to be a big deal.

        It is exactly this vain "cover-my-ass" attitude that makes situations escalate, sometimes up to the point of war. I understand that a bunch of old farts in DoD feel a strong need to justify (or increase) their Cyberwarfare budgets but pointing fingers at an allied country (relations with which are not always easy) in public over a non-issue like this is, imho, going way too far.

        Network security by isolation of the critical parts is possible and this whole "cyberwarfare"-bullshit is just driving tears into the eyes of anyone who knows a bit about the subject.
        Yes, an attacker could overload and DoS less important/perimeter networks and yes an attacker may able to overtake various individual machines or department networks, e.g. by sneaking trojans onto employee's computers, phishing etc.

        If any of that worries you in a national-security kind of way then do your fucking homework and implement appropiate security layers and airgaps already!
        A flash trojan is a non-issue because a critical system won't run flash. In fact, a critical system won't even interface with a system that could be taken over in such a way.

        • Re: (Score:2, Insightful)

          by Rinkhals ( 930763 )
          I agree.

          If this is the cutting edge of cyber-warfare, then it's quite frankly piss-poor.

          And if the DoD defences against this attack are weak enough to be breached then the last thing they should be doing is bleating on about it and drawing attention to the fact.
      • Re: (Score:2, Funny)

        by Hal_Porter ( 817932 )

        Like that poor Brit who was looking for info. about UFOs.

        That Brit was a Red. He gave an interview to the Guardian.

    • by Xest ( 935314 ) on Friday November 28, 2008 @11:00AM (#25916399)

      To be fair, it's not like when the US reports these attacks to China/Russia they do anything about them to suggest you might be right though.

      It's the same with the whole Litvinenko thing here in the UK, we know where the Polonium came from (a Russian lab) we even pretty much know Lugovoi did it but as they wont help whatsoever to put him to trial and have instead put him into their parliament in a position of power it's kind of hard to give them the benefit of the doubt.

      Maybe if they actually helped bring these perpetrators to justice we could give them the benefit of the doubt as you suggest, but when they instead protect the almost certainly guilt with no real trial or investigation then it only adds to the idea that the governments of these nations themselves are in fact responsible.

      If a bunch of Canadians crossed the US border and attacked the US and then made it back to Canada safely and the Canadian government did nothing about it or even went as far as giving these people places in government as per the Luogovoi/Litvinenko affair then yeah I think most people would still say the Canadian government deserves a lot of the blame.

      Don't get me wrong however, I do feel these "cyber attacks" are a little overstated, I hate to say it but it's becoming so common when I read about them I can't help but think "Who cares, stop moaning and either return the favour or learn from it and stop it happening again". As is pointed out here on Slashdot often though, they don't seem to learn from their mistakes and instead simply repeat them over and over. I'm not sure what the US government is trying to achieve with these cries? Trying to make us hate Russia/China? Don't worry their human rights record means a lot of us already do. Trying to get sympathy? Well what for? You're the military, you're the ones who are meant to be dealing with it and so on.

      Or in other words, to put it simply- they're all just as bad as each other.

    • Exacketilly - Russia is not our enemy. Russia is an ally and has been an ally for hundreds of years. Sure, there has been the ocational minor disagreement, but in times of war Russia, UK, France and USA always stick together. I know that is contrary to what CNN and others would like it to be, but the facts are otherwise.
    • Threatening but ultimately harmless attacks are carried about by scary foreign militaries, and devastating wide-scale attacks are carried out by bored spotty teenagers. What don't you watch TV!?!?

  • by Anonymous Coward on Friday November 28, 2008 @10:33AM (#25916191)

    Anonymous coward here, for a reason etc.

    I work with the USAF in a very official capacity in IT and got wind of the flash media ban a while back.

    I've been asked to keep quiet about this, but since it isn't classified, and nobody takes slashdot seriously, take this for what it is worth:

    We stopped using all flash media on all networks because we can no longer be confident that they do not come from the factory with payloads attached. I've seen entire boxes of flash media from the "amnesty boxes" set up inside USAF buildings sent off to NSA and FBI for investigation.

    There are some who think that manufacturers have been infiltrated with the sole purpose of loading malware onto drives. And it isn't that it's specifically an attack on US Gov. computers - it's just that Gov. networks tend to be pretty incestuous, and flash drives are often moved back and forth between multiple computers daily by most users due to the flakiness of CAC (common access card) infrastructure.

    So beware.

    • There are some who think that manufacturers have been infiltrated with the sole purpose of loading malware onto drives.

      What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?

      • Re: (Score:3, Informative)

        by jimicus ( 737525 )

        What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?

        You did, it does.

      • Re: (Score:3, Informative)

        by ptbarnett ( 159784 )

        What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?

        Yes, it does. But, it's relatively easy to disable.

        Use a Microsoft "PowerToys" application to simply disable all drives: Tweak UI [wikipedia.org]. It's only available for XP, at least from Microsoft. There is reportedly a version for Vista from a third-party developer.

    • Re: (Score:3, Informative)

      by soulsteal ( 104635 )

      The ban on flash media was to stop the propagation of a Win32 worm that "spreads by creating an AUTORUN.INF file to the root of each drive with the malicious .dll file."

      It was just one of many steps taken to triage infected systems and protect uninfected systems.

      It's possible it was an attempt to breach the DoD networks, but it's just as likely and more plausible that it's just another botnet being created.

    • Flashbacks to the days that rumours were rampant about McAfee installing viral software in printers for Russia ... Does anyone remember those stories?
    • Re: (Score:3, Interesting)

      by flyingfsck ( 986395 )
      Well, yeah. The problem is that flash drives are commonly used to bridge air gaps. The air gaps are there to isolate networks and and force manual transfer of data, but if the manual transfer method cannot be trusted then then something needs to be done about it. Banning flash drives may help, but it still leaves CDROMs and DVDs as a medium to bridge air gaps, so banning flash drives is just a temporary knee-jerk reaction really. The only long term solution is to stop using Mickey Mouse operating system
    • I work with the USAF in a very official capacity in IT

      I other words, you're the airman stuck on the Help Desk on the weekends?

      I don't know about your story... Not what they tell me here at McChord.

    • Re: (Score:3, Interesting)

      by will_die ( 586523 )
      The bad thing about this was that all major malware/virus software has had protection against it since June.
      So what had to of happened is some office with a high ranking official was not keeping their protection software up to date or disabled it, both against existing regulations.
      They then ran into problem and it spread across their network and they spread the alarm. At that point it got high enough that you got the new requirements.
  • by Anonymous Coward on Friday November 28, 2008 @10:50AM (#25916321)

    The federal government is finally starting to see the fruits of its trifecta of asinine spending policies:

    1) Lowest bidder (God forbid we get the best value for the tax dollar, not the cheapest).
    2) Standard pay rates that don't take into serious consideration the skills and experience of employees. God forbid we adopt private sector pay policies because that might make us look like we're discriminating if some employees get paid a lot less than others.
    3) The fact that it often takes an act of Congress to fire a federal employee.

    Like most Northern Virginia-based software engineers, I've worked a federal contract here and there. I've been exposed to incompetence from federal employees that would not be tolerated by almost any corporation. My company actually brought a formal business case for why our government program manager was wrong and her decisions would be a disastrous waste of tax payer money to her bosses. We **pleaded* with them to override her and let our senior engineer do the architecture since she had no idea how to do it.

    Guess what? They told us to shut up and get back in line.

    There's this myth that the outsourcing of government has ruined the federal government. That's bullshit. Government contractors are often the only people who actually get shit done! We're the ones who actually do much of the heavy lifting because the civil service for so long was allowed to deteriorate into a combination of an affirmative action program and a welfare program for stupid white men.

    There are real pockets of genuine competence and intelligence in the federal government, but unfortunately, they're so isolated by the prevailing culture and leadership that it would take a real Leviathan-wrangler at least 2 presidential terms to get any meaningful culling done.

    • Re: (Score:3, Insightful)

      by Jeff Hornby ( 211519 )

      Standard pay rates that don't take into serious consideration the skills and experience of employees. God forbid we adopt private sector pay policies because that might make us look like we're discriminating if some employees get paid a lot less than others.

      Private sector pay policies? As someone who works in the private sector, I can pretty much guarantee that private sector companies also use standard pay grades. Why is it that everybody thinks that private sector is a bastion of efficiency. I've wor

    • Re: (Score:3, Insightful)

      by Bios_Hakr ( 68586 )

      The US Military does not always choose the lowest bidder. The military is, in effect, a huge welfare program. Many times, we choose the vendor that provides the best social benefit. For instance, the GSA program gives additional weight to women-owned or minority-owned businesses.

      As for pay, the military takes teenagers off the street and puts them in charge of some of the most complex systems in the world. When IBM hires a 19yo high-school grad and put him in charge of corporate email servers, then US m

  • When will people learn...

    • by malevolentjelly ( 1057140 ) on Friday November 28, 2008 @11:22AM (#25916553) Journal

      They don't use a lot of Windows on internal systems in the DoD. As I'm to understand, they run a lot more Linux and Solaris. In the interests of national security, though, all these systems are too close to make a big difference security-wise.

      They may have different levels of attackability for circumstances relating to casual attacks and casual computer use (this is where we say "is the default linux installation in X version of linux more or less secure than the default windows installation in Y version of windows?) But when these systems have proper internal security policies set up, it doesn't make a huge difference-- when they are well configured, they're functionally the same.

      DoD systems are generally set up so that one is connected to the internal network and one to the external network-- when you want to move a file, you simply use a flash drive. The chances are very good that these are running different operating systems, anyway.

      For a coordinated and advanced attack on our DoD network infrastructure it has less to do with what operating systems we are running, which is really just a question of usability and administration time, but moreso broader questions of security policy-- such as where do you get your flash drives?

      In short, if one OS was the issue here, this attack couldn't have gotten anywhere. An OS really doesn't mean much when you compare it to the overall security model for the network infrastructure, especially with the physical network restrictions used by the DoD.

      The biggest difference for the operating systems for their purposes would be more on features like TPM-enabled drive encryption, etc-- things that would make it more difficult to hack a stolen laptop-- stuff like that.

  • Russian hackers (Score:3, Interesting)

    by Geoffrey.landis ( 926948 ) on Friday November 28, 2008 @10:57AM (#25916385) Homepage

    "may have originated in Russia" is not the same as "originated with the Russian government," of course.

    My guess, the attacks are an attempt to turn the vast power of military computer systems into one giant spam-bot.

    And, also, just think of all the new Nigerian scam letters that they could pull off with military connections... the "your son was wounded in Iraq and is being airlifted to a hospital in Germany, please send $10,000 to pay for a private room for him" scam will be much more powerful if it issues from a military computer (and, for that matter, much more convincing if the scammer knows the actual name, rank, and next-of-kin of the 'son').

  • by Anonymous Coward on Friday November 28, 2008 @11:10AM (#25916481)

    The British Intelligence have learnt how to avoid infecting their systems with infected flash drives. They leave them on the train where they can't do any harm.

  • by Bullfish ( 858648 ) on Friday November 28, 2008 @11:12AM (#25916493)
    If thse attacks are successful, they will replace the old practice of dropping leaflets on enemy soldiers... Now when the modern soldier opens his e-mail, he will be greeted with "Feeling ashamed of your small willy, we can help" etc etc
  • So, the other day, i thought that my girlfriend would like the present i gave her... God was i wrong...

    Now they think that the attack comes from Russia... That means they're not sure about it at all, they just got a hunch that the attack is from the Russians, they don't say they got proof or anything, they just say they think it's from there...

    However, suspicions of Russian involvement come at an especially delicate time because of sagging relations between Washington and Moscow and growing tension over U.S. plans to develop a missile defense system in Eastern Europe. The two governments also have traded charges of regional meddling after U.S. support for democratic elections in former Soviet states and recent Russian overtures in Latin America.

    Just because the relations with the Russians aren't that good doesn't automatically mean they'll attack you in Irak...

    For all we know, it could be Irakians who would

  • Not News (Score:4, Insightful)

    by jmyers ( 208878 ) on Friday November 28, 2008 @11:26AM (#25916581)

    Reading the article, which has almost no details, I think the LA Times is trying to make news out of nothing. The "senior military leaders" are basically like "senior business executives" who probably have no clue about any actual "attacks". They are just trying to hype up anything they can to increase their budgets.

    The actual details they are dealing with is the same as any organization that uses computers and employs people.

  • That is the odd thing... you never hear about the huge attacks on the Chinese, Russian, North Korean, etc. But then again, the USG would never do anything unethical or underhanded or hypocritical or .
    • "That is the odd thing... you never hear about the huge attacks on the Chinese, Russian, North Korean, etc."

      Not hearing is not the same as not happening. They may and probably DO not talk about those incidents. We live in a free-er society, and this stuff comes out because our press is marginally functional. That is, when it's not being willingly led by the nose by the current 'cause'. And slamming the current administration is always good business for our press.

      I would presume that every government is

  • by leoofborg ( 803260 ) on Friday November 28, 2008 @12:04PM (#25916903)

    Sorry, couldn't resist.

    Also, the CBC [Canadians] are running sensationalist crud on their TV.

    Most irritating soundbite from a DHS 'expert':

    "Digital Pearl Harbor"

    I think they must have run the same quote 3-4 times.

    Me? I think the military / DoD is begging for $$$ as usual. What? We didn't bail out the military? Shame!

  • sigh (Score:5, Insightful)

    by Deadplant ( 212273 ) on Friday November 28, 2008 @12:26PM (#25917035)

    ...experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement.

    Classic propoganda.
    Shame on Julian Barnes of the LA Times and the unnamed senior military leaders.

  • I would have expected that on a military level, all software and operating systems used should be compiled from source, the source checked and risky features locked down. That would exclude proprietary operating systems like windows and mac OX and even prepackaged open source systems. Its probably not cheaper but cases like this should be wake up calls.
  • Maybe DARPA shouldn't have pulled funding for OpenBSD research a few years ago. I knew that was going to come back to bite the US DoD in the ass sooner or later.

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!

Working...