Pentagon Discloses Network Breach By Russian Hackers 64
An anonymous reader writes: The Pentagon has disclosed that Russian hackers were able to breach one of its secure networks earlier this year, and referred to the attack as a "worrisome" incident. "Earlier this year, the sensors that guard DOD's unclassified networks detected Russian hackers accessing one of our networks," said defense secretary Ash Carter yesterday during a speech at Stanford University. Carter warned Russia that the U.S. Department of Defense would retaliate with cyber campaigns should it see fit. "Adversaries should know that our preference for deterrence and our defensive posture don't diminish our willingness to use cyber options if necessary," said Carter. He added in a prepared statement that the Russian hackers had been able to gain access to an "unclassified network" but had been "quickly identified" by a team of cyberattack experts who managed to block the hackers "within 24 hours." The cybersecurity response team had quickly analyzed the hack patterns and code and identified the intruders as Russian, before "kicking them off the network."
Re: (Score:1)
Sorry, but the Soviet Gulag found you.
And it's great that you finally came out of the closet. Now we all know, for sure, that Anonymous Coward is gay. Sure, we all just assumed it was true all along, but now we know.
Re:Bet I can guess the solution (Score:5, Insightful)
Another 10 billion dollars.
The point of the article is not the Pentagon saying that they need more money to thwart future attacks. It is to let people know that attacks like this do occur and are being handled swiftly.
Re: (Score:2, Informative)
The fact that my network is seeing a 10 fold increased attacks from Russian IP's over the past 2-3 years is enough to lead me to believe what's being said here is true. Still doesn't beat China but Russia is very quickly gaining ground.
Re: (Score:3)
The fact that my network is seeing a 10 fold increased attacks from Russian IP's over the past 2-3 years is enough to lead me to believe what's being said here is true. Still doesn't beat China but Russia is very quickly gaining ground.
And how, exactly, those "attacks" look like?
Re:Bet I can guess the solution (Score:5, Interesting)
...attacks from Russian IP's...
One should realize that there are a lot "pirated" Windows OS installations in Russia. I would guess more than 90%.
These PCs do not have Windows Update, since the OS is not authentic. And consequently hoards of different viruses, trojans and bot-networks run on them. The masters of these malicious networks could mount cyber activity from the IPs' of unsuspecting owners.
I would advise a Pentagon delegation to visit a Russian megalopolis for a cultural exchange trip and learn the real situation on the ground, before retaliating with cyber campaigns on poor people.
Re: (Score:2)
One should realize that there are a lot "pirated" Windows OS installations in Russia. I would guess more than 90%.
Every pirated version of windows I have used, including the one I'm using right this second, has been getting updates from MS.
Re: (Score:3)
Re: (Score:2)
The fact that I can see what host and IPs it's connecting to and downloading the patch files (which are all owned by MS) tells me they are legit.
Re: (Score:3)
It is to let people know that attacks like this do occur and are being handled swiftly.
In this cases handled swiftly measured in seconds, when it is measured in days it means that attackers had a chance to upload everything they had access to.
Re: (Score:1)
Yeah, and to let people know the US has a magical purple unicorn which can pinpoint the country of origin of a 50-deep proxy chain cyber attack on a world map. F34r.
Well ok, in reality, there sure can be various signs of the origin of a complex attack, there can be indications because of the specificity of the target, there can be some level of tracking through at least international sea optical fiber cables and satellites, US-intelligence-friendly countries, honey pot/controlled proxies/Tor nodes, inside k
Re: (Score:1)
secure network? (Score:1)
Re: (Score:2)
No, no, they should be looking over fake plans to raise thebattleship Yamato and put her into space. Go big, or go home.
Or... maybe those are the real plans?
Re: (Score:3)
No, no, they should be looking over fake plans to raise thebattleship Yamato and put her into space. Go big, or go home.
Or... maybe those are the real plans?
It had 18" guns, the biggest ones ever built for sea and in violation of international arms agreements. If you fire them from space, they're space guns!
Re: (Score:2)
If you fire them from space, they're space guns!
And if you control them from an iPhone, they're n guns!
Re: (Score:2)
18" guns firing in space? Feh. Come to me when you have a wave motion gun.
Re: (Score:2)
Details, check the damn details!!
1- there is also a agreement to not put weapons on space
2- Money! you would need a HUGE amount of fuel to put something that big on space, even if piece by piece... probably too expensive for any country.
3- physic laws:
if you fired those guns on space, you would start to move away from the target... so on each fire round you would need to correct the velocity and position, quickly wasting all your fuel
So yes, damn details!! :)
Re: (Score:2)
Details, check the damn details!!
1- there is also a agreement to not put weapons on space
2- Money! you would need a HUGE amount of fuel to put something that big on space, even if piece by piece... probably too expensive for any country.
3- physic laws:
if you fired those guns on space, you would start to move away from the target... so on each fire round you would need to correct the velocity and position, quickly wasting all your fuel
So yes, damn details!! :)
I like to think they would be smart enough to fire the shells by dropping them...
In the alternative, you could just fire the guns on both ends of the ship simultaneously...
Re: (Score:1)
Re: (Score:2, Informative)
It isn't what you think - as an isolated network.
There are thousands of connections between the secure net and the unclassified network due to the amount of data that must be transferred. Even where I worked 20 years ago, the amount of data being transferred by tapes was many GB per hour - and tape handling was too slow to keep up.
And the summary is incorrect. The penetration was of an unclassified network. From the article itself:
"The United States on Thursday disclosed a cyber intrusion this year by Russi
Re: (Score:1)
Apparently their definition of "secure network" is different from what I thought it was.
A "secure network", depending on security and networking requirements, may be a "network" that -to be useful- is connected to external resources (thus "bad guys" may attempt to connect), and "secure" enough to detect unauthorized access, so further actions could be taken (i.e., dealing with the "bad guys").
Don't block (Score:1)
If you're know they're in, wouldn't it be better to turn the "breach" into a honeypot?
Let them into a secured system which looks useful, but in reality feeds them bad data.
Re:Don't block (Score:4, Insightful)
You're attributing far more skill and competence than they deserve.
If they couldn't keep them out, no way in hell they could come up with a working deception in a short amount of time.
Kicking them out in "less than 24 hours"? Wow, way to go there guys.
Cyber Options (Score:3)
Sounds like an R-rated 1990s film.
Comment removed (Score:5, Interesting)
Re: (Score:1)
Yeah, because the Russian system of fascist oligarchic cleptocratia works so much better ...
It's looking more and more like the American system of fascist oligarchic cleptocratia. Capitalism lost, because it created too much complacency.
Re: (Score:2)
Cleopatra was ogled in archaic times.
defend? (Score:3)
Carter cited the newly declassified incident during an address at Stanford University, in which he also warned the Pentagon was ready to help defend America's networks and to use cyber weaponry, if needed.
so instead of hoarding exploits you are going to patch them? or will you hold companies liable for poorly written software? or maybe require CS students learn how to write secure software? or publish a free OS that is secure by default?
the Department of Defense was previously named the Department of War for a good reason.
Re: (Score:3)
Don't you get it, it works the American way. Eye for an Eye. One person from a country attacks me, then I am allowed to attack anyone from that country for any reason and in any way, as well as attack all those from that country who would try to stop be attacking some one in that country.
So in computer parlance, let's all play the electromagnetic pulse game because that is really going to work so well for everyone.
The Rocky and Bullwinkle Show (Score:2)
Agent: "Military intelligence. That phrase mean anything to you?"
Rocky: "It sounds like a contradiction of terms."
Help the civillians! (Score:2)
Help the civillians? (Score:1)
The U.S. Joint Cyber-Security Cyber-warfare Cyber Task Force Command Center recommends the following action:
Unplug your computer.
Re: (Score:2)
It seems pretty obvious how they protected themselves in this case, but if you find AV expensive, you won't like it.
They use IDS and IPS systems.
http://en.wikipedia.org/wiki/I... [wikipedia.org]
http://en.wikipedia.org/wiki/I... [wikipedia.org]
Money ... (Score:2)
... is the root of all solutions.
Because "We tell the truth" (Score:2)
Trademark of USG.
Sensors guarding the Pentagon's networks? (Score:1)
Maybe they were looking for evidence of the UFO coverup and the intrusion consisted of logging into a passwordless WindowsNT box. ref [theguardian.com]
"On Thursday, Carter stressed the U.S. military needed closer cooperation with California's Silicon Valley, particularly after high-profile attacks on companies like Sony Pictures Entertainment.
Propaganda (Score:2)
Yawn, Pentagon gets hacked regularly I'm sure. This isn't news - it's been made news because some bigwig wants to demonise Russia, hence scary Russian hackers story.
NSA, CIA of course never hack anybody.