Inside the Secret War Against Internet Spies

ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting: "The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"

For every defense...

[bluemetal]

For every defense there is an attack, and every attack a defense. These military types should know this better than anybody else. It's a battle they should be prepared to fight as it was only a matter of time before it happened. And of course, it will cost yet more resources to mount this defense (or as the case may be, an attack against the attackers) and somebody is going to have to pay for it. As always, technology is a double-edged sword.

Spy vs. Spy

[mfh]

Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification, or make them more specialized in one key area.

Also, spies would rather have infrastructure INTACT, so they can exploit it easily. They are lazy humans, like you.

Not much of a secret anymore now is it?

[Gat0r30y]

And if these spys are doing a good job, it'd be awfully hard to catch em. Of course if this is any indication [slashdot.org] it couldn't be terribly difficult to gain access to sensitive information.

Re:You PWN3D my Empire!

[MrNaz]

I find it amusing that these articles portray the US as some kind of noble victim in online warfare, as though a) the US is not the most aggressive player in international geopolitics and b) the US has no cyber warfare program of its own.

Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

Connection to other malware.

[Ungrounded Lightning]

Some of this is no doubt spear-phishing. (Deploying newly-retuned spyware selectively against a target rather than globally, so it slips past signature-based malware detectors.) But I'd bet that most of this stuff is based on the malware developed for botnet-spamming and DDOSing, regular Phishing, etc.

We have a multibillion-dollar industry based on corrupting computers and stealing selected information from them, which the governments have virtually ignored while its techniques were honed. Now their own military secrets are the target of a similar attack. Any bets on whether it is built on the same code base.

Too late now, guys. The enemies' cyber-warfare departments now have the technology.

But I bet that, if you start finding and closing the barn doors even after most of the horses are gone, you'll find enough fingerprints and tire-tracks to trace down who did it. Hunt them down and take them out, and you'll eliminate a bunch of the talent that would otherwise be developing the technology further.

Color me underwhelmed.

[ColdWetDog]

The e-mail message addressed to a Booz Allen Hamilton executive was mundane--a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

OK, so a contractor gets a random email asking for *something*. The email has a keylogger as an attachment. The executive doesn't activate the keylogger.

Western civilization was saved from the abyss.

Who doesn't think these things happen all of the time. I would be upset (in a general way) if our enemies didn't try that sort of stuff. And sneaking in via the side door. And the hot secretary. And countless other bits of espionage craft. Keep up the firewalls men! Loose lips sink ships. Watch them commies, you never know what to expect. Let's have another iPhone article, shall we. It's been maybe 24 hours since the last one. I'm getting bored.

Re:You PWN3D my Empire!

[Jeremiah Cornelius]

"Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom"

Yes. Products of the American "education" system.

Privatizing == Larger Surface Area

[Anonymous Coward]

As the government adds more private contractors to the feeding trough the attack/exploit surface area grows logarithmically. And they has less and less control and verification over that expanding surface area. A socialized military industrial complex would be more secure!

Re:You PWN3D my Empire!

[Anonymous Coward]

these articles portray the US as some kind of noble victim in online warfare

[citation needed]

I read the article quickly, and I did see that it describes attempts to penetrate US systems, from a US point of view. But I didn't happen to notice any editorializing about US nobility, or any suggestion of a lack of a US cyber warfare program.

Sure it wasn't in your head? Go ahead and criticize US policy. Criticize the article too, if you think it's poorly written. But you're criticizing the article based on something that it does not contain.

Is there anyone dumb enough to still believe the romantic portrayal of the young valiant American heros defending liberty and freedom from the vicious hordes that everyone else refers to as "the rest of the world" ?

Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision. Seeing it in real life, is a lot more amusing than the hallucination you had when you "read" the article.

Can anyone explain...

[zonky]

Why these Defense contractors are using unencrypted email, and Access to "to manage big batches of data.?"

For every threat there is funding

[EmbeddedJanitor]

Of course the military and others want to make Joe Sixpack scared. A scared citizen readily hands over funding, privacy etc.

The end of the Cold War was a huge threat to careers and funding in the CIA, military and govt contractors. Need those Iraq wars, terrorists and hackers to keep the whole war machine going.

The military industry is not the only one that works this way. The medical industry is catching on too (bird flu) and now the whole greenwashing industry (global warming etc).

Re:You PWN3D my Empire!

[Oligonicella]

The fact that you can even post this without boots at your door shows that those young heroes are indeed defending your liberty and freedom. "The rest of the world" is not one entity, but myriads. Many of those would gladly take you out and put a bullet in your head for your beliefs and speech.

Re:You PWN3D my Empire!

[Jeremiah Cornelius]

"Probably. Hang around a US military recruiting station, and I bet you can meet a few people who have that vision."

The FoxNews demographic. Earnest, well-intentioned, poorly-informed, misguided and wrong.

Logistics is key, even in the cyber age

[Anonymous Coward]

Timely and new sensitive data, and various top secret technology always seem cool enough to make the front pages of such espionage stuff. But I'm suprised they aren't speaking of some more mundane channels of attack.

Wasn't "The military marches on its stomach." some historical quote that was attributed to Napolean? Anyhow, where I'd keep an eye out for cyber vulnerabilities is in the logisitics chain. All it'd take is someone to get into the requisitions, inventory, and procurement channels and they could make all hell break loose. Frozen fish in the place of ammo, livestock sent to some other place, 100 screwdrivers and bomb fuses to an office that only does paperwork, etc. Not only can such things waste resources or man hours to correct, but it can cause negative economic consequences for contract vendors. Stupid shit like that could get old really fast.

Hopefully the military brass has enough sense to ensure strong verification when dealing with civilian contractors in the supply chain (and via internal supply channels). Also there should be some means to ensure the trustworthiness of supply contractors, as some purchase orders might have the possibility of indicating potential for action, etc.

On the other hand, this would potentially be a great way for the U.S. to attack any adversaries too. The more bureaucratic, thick, and mundane an organization is - the more opportunities for logistics data mayhem. False requests will tend to look more "reasonable" under such systems.

Re:You PWN3D my Empire!

[phantomfive]

Billions of dollars to buy their feudal allegiance - with goodwill as the PR story to sell Empire back home.

Um.....I think you are a bit confused about how feudalism works. You see the idea is the underling gives money and tribute to his feudal Lord. You don't buy feudal allegiance with money, you get it by promising not to destroy the country.

Maybe this is not what you meant. Maybe you picked the wrong words; but you will get a lot farther using words that represent what you actually mean rather than picking words that sound sensationalistic and are clearly an exaggeration.

America isn't perfect by any stretch of the imagination. Neither are it's citizens, so how could it be? But comparing America to a feudalistic Kingdoms is to so blatantly misrepresent the situation as to render your argument worthless until it is stated more accurately.

Re:You PWN3D my Empire!

[MrNaz]

Billions in aid? Perhaps you need to have a good, hard look at just how USAID operates, and the role the IMF plays in global development with it's so called "development loans".

Oh, and the tone of your message is basically "Sure we killed millions of innocents and plundered natural wealth to which we had no legal or moral claim. But hey, at least our heart was in the right place!".

Re:You PWN3D my Empire!

[Anonymous Coward]

Wow, did it take you long to parrot that tired argument?

Back in the age of Kings and Queens, Free Speech could zing some very really big egos who had absolutely no need to curb their vengeance and you were lucky if you were connected to people two towns over, let alone across the country. People who could wield the power of the pen were relatively few as well.

Now, the power of the pen has been diluted by the masses and we have every idiot comparing every public figure to Hitler -- giving rise to Godwin's law and people rolling their eyes at every negative utterance.

Really, the next best thing to silencing people is to let the bullshit level rise to a cresendo and make everyone too confused or tired to sort out the mess.

The government no longer needs to silence you just for an opinion. It has less traceable methods to simply dilute or discredit what you have to say.

A free society is in accordance to what you can do, not just what you can say. And I don't know about you, but in my experience people are pretty fuckin' complacent - which suits the government just fine.

Jack boots were the crude methods to yesteryear, doesn't mean the same goals aren't being pursued successfully through different means and infractions of your liberty.