Pentagon Confirms 2008 Computer Breach — 'Worst Ever' 157
jowifi writes "The New York Times reports that the Pentagon has confirmed that, in 2008, a foreign agent instigated 'the most significant breach of US military computers ever' using a USB flash drive. While the breach was previously reported on Wired and the LA Times, this is the first official confirmation of the attack that led to the banning of USB drives on government computers."
Re:The right reaction? (Score:2, Interesting)
Re:This is likely why MS has GPOs in W7 (Score:4, Interesting)
The thing that is stupid about it is that sure block exes from being run from a USB, then the user will copy it to the machine and run it there.
BTW, GPOs from day one have had the ability to disable Autoplay and autorun.
Where there's a USB port ... there's a way (Score:5, Interesting)
A US Army dental surgeon told me that their computers were "fixed", so they could not copy pictures of their operations to any external media. The surgeons needed anonymous pictures of operations that they had performed, for preparing for their careers after their service. Like, applying for a job somewhere.
One of them figured a way to use the USB port in the Canon printer that they had. They could toss pictures at the printer, and land them on the USB stick. Circumventing any blocks on the PCs from accessing the PCs' USB ports.
So any unprotected port is, well, a potential source of a leak.
Haven't I seen this movie before? (Score:2, Interesting)
Re:This is likely why MS has GPOs in W7 (Score:4, Interesting)
I have this dim recollection that we could do this with GPOs in Win XP.
And we could use ZenWorks to do it also. Much nicer editor, and volatile accounts are a blessing in school labs.
Disabling removable media isn't new, just overlooked.
Re:This is likely why MS has GPOs in W7 (Score:5, Interesting)
Re:The right reaction? (Score:3, Interesting)
Re:Still vulnerable (Score:3, Interesting)
There's no reason why the check point computer even needs to be connected to the net at all if you're willing to do manual updates to the security software via disk.
Re:Flash Drives (Score:1, Interesting)
USB drives were at one time used to transfer between air-gapped networks when CD/DVD transfers would burn through media too often. I can attest to this.
Re:This is likely why MS has GPOs in W7 (Score:2, Interesting)
Doesn't help the government NMCI machines, which are still running XP.
Re:This is likely why MS has GPOs in W7 (Score:2, Interesting)
In 2008 any standard issue Army computer would've have had autorun disabled. This was standard practice. In 2008 the Army was handing out commercially available encrypted USB drives and telling everyone to use them and nothing else. These drives had an unencrypted partition loaded with the software used to unlock and mount the encrypted partition, along with an autorun.bat script that would eliminate the extra steps needed to launch that encryption software, if you were to actually have autorun enabled.
So my guess is that some influential user got an admin to enable autorun to save him a few extra steps each time he inserted his encrypted USB drive. From there it was just a matter of time for that to come back and bite him.
Re:The right reaction? (Score:3, Interesting)
But then again maybe someone in the G6 (Army IT guys) just decided the ban was stupid when they were issuing out new computers and while USB was blocked, Firewire, eSATA and SD card port and slots were all active and working. My office went from everyone carrying USB drives in their pockets to everyone carrying SD cards.
Now if the machine is off the mil network the USB works, if the USB drive is in the machine when I connect to the network it works, but if I pull the drive out and re-insert it or if I connect and log in and then insert the USB drive it doesn't work, typical military brilliance.
This is why DoD needs to put a bullet in M$ (Score:4, Interesting)
In 2008 any standard issue Army computer would've...
But were they able to track down and deal with the individual(s) that deployed Microsoft products?
The military procurement procedures produce a solid paper trail even if on some occasions they produce nothing else. Had they deployed properly engineered products rather than brands infamous for bad design [slashdot.org] the problem would not have arisen. The US Navy will focus on open systems only [fcw.com], if it can stay clear of the old M$ contractors and M$ resellers.
Re:This is likely why MS has GPOs in W7 (Score:3, Interesting)
Disabling the ability to mount or mounting read only for USB mass storage devices would not have made a difference. Further, there is a fundamental flaw with USB...
During Blackhat/Defcon (or was it B Sides), a guy, whos name completely escapes me right now, as I did not get a chance to attend the briefing/talk, took a USB thumb drive and added some keyboard hardware to it. When you plug it into the system, it registers as an HID device, not a USB Mass storage device...
Guess what, every computer that is sold uses a USB keyboard and mouse. I am sure you can still find ps2 based keyboards, but not for places that require users to use a crypto card, or a CAC card (per HSPD-12), which generally drops into the keyboard, those are USB devices.
A small script with some keystrokes embedded into the USB drive that identifies itself as a keyboard, and you can instruct it to do whatever....
USB itself is flawed in that respect, so simply disabling USB Mass storage will not work.
Now if only I could remember who gave the damn talk....