Significant Russian Attack On US Military Networks 270
killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. "The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. 'This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"
Surely the US military is dumb enough.. (Score:5, Funny)
... to have sensitive systems directly connected to the internet?
Oh , wait...
Re: (Score:3, Insightful)
Ban on flash drives ... doesn't seem they came in through the internet.
(btw : of course the military has computers connected directly to the internet. They created the internet. The remaining systems are only sensitive in the economic sense of the word though)
just my 2c
Re: (Score:3, Insightful)
How do we know this attack even happened?
Supreme Commander/General Eisenhower warned us to be wary of the military-industrial complex's desire to create wars just to keep themselves in business, and we already caught them in a recent lie (WMDs in Iraq that never existed). How do we know this "computer war" happened and is not just another made-up story to try to get trillions more dollars & keep the military-industrial companies employed?
I work for these people, and frankly I don't trust them. I'd per
Re:Surely the US military is dumb enough.. (Score:5, Insightful)
The other side of the coin is like this:
How do we know that it's not retaliation for an attack on Russian computers that originated from US military networks?
When we start hearing news stories about computer attacks from Latvia, Peru, or some small country in the far east perhaps they can be believed. Right now the news is all about attacks from people that the current administration would like to demonize. That makes the believability of these reports a little less than zero IMO. It sounds like pure propaganda at this point. If it is real, it's probably part of a cat/mouse game that we've been playing with them all along. Anyone who has been in the US military knows that we play war games all the time with Russia. Look up news on the USS Augusta, search for news about submarines a week before and after, you'll see that it hit a Russian sub in a bad game of chicken. Why would computer networks be any different? I bet there are teams of IT people that set up honey pot networks just for this kind of war game. It would be stupid to believe otherwise.
Re:Surely the US military is dumb enough.. (Score:4, Insightful)
well the simplest solution is to look at non US news sources. frequently the BBC posts stories about US military hours before american news outlets do. Pull your head out of your arse, and look at some else's news for a while. France while a some what ally will publish news that American news outlets won't as they are considered "sensitive" or not news worthy(read latest actress scandal is more important).
Re:Surely the US military is dumb enough.. (Score:5, Informative)
*sigh* this is just so stupid it's hard to decide where to begin, but I'll try :
When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.
AP stands for associated press, which is not American
AFP stands for "agence france-presse" which is french.
They cooperate with one another, hardly ever making double coverage, so in practice an article with AP under it might have come from AFP. They both translate those articles in over 30 languages, and give their clients, like cnn, the right to copy them verbatim.
So 1/3rd (in theory, in practice more) of all the news you see has been collected by French reporters, or at least reporters paid by french people.
You will find nearly all news duplicated across the atlantic in practice. Everybody agrees having a singular entity collect all news is a terrible idea. Everybody also agrees that it's cheaper, so it wasn't a contest at all.
Also keep in mind that e.g. during the Israel-Lebanon (or rather Israel vs Lebanese terrorists that Lebanon couldn't (and can't) deal with, who are therefore in massive violation of just about every international treaty by their existence alone), AFP hired a Hezbollah "kolonel" to collect news for them (he had very good access to the battlefield, you see, and he didn't tell AFP about his position). This is then passed of as "impartial" information.
But the sad reality is, there isn't any alternative to them.
Re:Surely the US military is dumb enough.. (Score:4, Insightful)
When you see an American article, in English, you always see "AP", "AFP" under it. There is a third agency, but it's name escapes me for now.
Reuters
Re: (Score:3, Informative)
Do you really believe that this is true? For a start, the world's largest broadcasting news gathering organisation is the BBC, which is British. Secondly, I was under the impression that U.S. news broadcasters mostly ignore international issues an
Re: (Score:3, Insightful)
a few years back when the american Sub hit a japanese fishing trawler, I heard about it from the BBC 3 hours earlier than CNN, FOX, or NBC began to air what happened.
the AP had it but it wasn't news worthy for hours afterwards. I didn't say other news sources wouldn't be biased as well, but if you want to know what is happening in the USA try an external news source first.
Another point the hotel shooting in India. the USA news sources are focusing 90% of their coverage on the 3 americans inside, more or e
Re:Surely the US military is dumb enough.. (Score:5, Interesting)
I'm not sure it matters. Whether US military computers were choosing to load and execute foreign code as a result of a foreign first strike, or a foreign counter-attack, we still have the situation that US military computers are loading and executing untrusted code, and apparently unsandboxed, so that it ended up mattering.
I don't care why it happened at the political level; I care about why it's happening at the computer or operator level. People using "important" computers shouldn't be doing that, nor should their computers be making it easy for them to do that.
No matter why the military computers were attacked, the fact that the attack worked proves incompetence.
Re: (Score:3, Insightful)
Lets also pretend Russia isn't going to finish building Irans first nuclear plant in 2009
Lets not acknowledge that Medvedev just signed a nuclear deal with Venezuela
Lets forget all the recent _obvious_ Russian aggression against the United States and just skip to the part where you make up facts out of thin air about the US attacking Russian computers. Then lets take this big steamy pile of B.s. and mod it plus 5 cause its anti-american and
Re: (Score:3, Insightful)
Well, since your handle is 'Pros_n_Cons' perhaps we should revisit the news:
Georgia started the strife with Russia - not the other way around.
Russia has been trying to get in on Iranian nuclear power to sell them stuff for a long time. The politics of the middle east is complex enough that no slashdot post will explain it all. Russia still needs warm water ports. Iran is a strategically valid place for them. Russia actually offered to help settle the sabre rattling over nuclear power in Iran by assisting wi
Re:Surely the US military is dumb enough.. (Score:5, Insightful)
I don't trust any upper-level manager in any industry, but especially not in DoD contracting, and I certainly don't trust DoD civilians to be honest or competent.
This is taking place during the transition between Administrations, so someone at the DoD hierarchy wants to make a show about how they are "protecting America" when everyone in the commercial sector dealt with the agent.btz trojan quietly months ago.
Re: (Score:2)
"I work for these people, and frankly I don't trust them."
So leave. Obviously, you have no issue taking home a paycheck from the folks you don't trust. Which, by the way is supporting their cause.
"budget into the black"
Sorry, but if it makes it into the black, I want my money back. Zero should be the target, not profit.
Look, it is very necessary to put information to a litmus test. The press doesn't really do it since they inject so much personal agenda it becomes hard to find the "real" facts. However, whe
Re: (Score:3, Informative)
Easy to keep the military systems safe, don't plug them into the internet...that way people all the way from Russia wont be able to hack them if there is no access....it would only be something from within, and this we already have a budget for, not need more money for it as a separate expenditure
Re:Surely the US military is dumb enough.. (Score:5, Interesting)
while i don't doubt that electronic warfare is being actively developed by other nations (i'm sure the U.S. armed forces aren't the only military interested in, or actively developing, electronic warfare tactics), i wouldn't put it past the MIC to exaggerate the risk of electronic attacks in order to manipulate the public. it certainly wouldn't be the first time the public was mislead about our nation's defense in order to funnel tax dollars into unnecessary defense projects. and now with war logistics being an more lucrative than ever through the Logistics Civil Augmentation Program [corpwatch.org] (LOGCAP) and its cost-plus award-fee contracts, even more more private sector companies have a vested interest in seeing a renewed Cold-War-type international tension and corresponding military spending.
it's just too bad Americans never heeded Eisenhower's farewell address [wikisource.org]. of course, if more people working in the defense industry were truly patriotic, they'd all be as morally enlightened as you, and the MIC wouldn't exist.
Re:Surely the US military is dumb enough.. (Score:4, Insightful)
No.
Sorry. No.
That's so wrong it's funny. The whole world didn't believe shit about WMDs. Your government made shit up and then our government (UK) got involved because they thought it was politically expedient.
And the Syria thing? Please. Bullshit to justify US actions in light of the complete clusterfuck that the Iraq thing became.
Re:Surely the US military is dumb enough.. (Score:4, Insightful)
"So 17 UN resolutions referencing WMDs represents what to you, moron?"
History. The Irqi gov't weren't cooperating, but Blix was not convinced they had any WMD when he was pulled out.
"Put the propaganda UK rags down, get some better medications, and go back to middle school and learn something before further poisoning the internet with your ignorance."
Lol. Republitard.
Re: (Score:3, Insightful)
The whole point of the inspections was to make positively sure that Saddam didn't have any. I'm assuming you agree that's better than thinking he probably-maybe-not-sure doesn't then finding out that you're wrong, in the form of a big fireball over some city?
Answer this, if he didn't have any and wasn't in the process of making any, why was he so keen to get rid of the inspectors?
Everybody who says he didn't have WMD (on the basis of what we know now) is just a Monday morning quarterback. Hindsight is al
Re:Surely the US military is dumb enough.. (Score:5, Informative)
Bullshit.
Those of us outside the feverish and patriotic US Propaganda machine could see that machine heavily at work.
Yes it was entirely plausible that Saddam had WMD,
so yes it was expedient to send in inspectors.
When said inspectors turned up absolutely nothing,
that wasn't the answer America wanted to hear, since "Something had to be done about 911!".
The best summary of the Iraq war propoganda machine at work is here:
http://www.pbs.org/moyers/journal/btw/watch.html [pbs.org]
Why should you care? America is now worse than broke, and you spend trillions blowing up a country for no benefit to that country or to the average US citizen.
Re:Surely the US military is dumb enough.. (Score:4, Informative)
http://www.youtube.com/watch?v=diEdNgnzR3g [youtube.com]
Re:Surely the US military is dumb enough.. (Score:5, Insightful)
So 17 UN resolutions referencing WMDs represents what to you, moron?
That is the result of the disfunctional and undemocratic security council where the USA has a vetoe.
Don't confuse security council resolutions for something representing world opinion.
It is the general assembly that is democratic and representative, the security council is a private club.
Re: (Score:3, Insightful)
That is the result of the disfunctional and undemocratic security council where the USA has a vetoe.
Don't confuse security council resolutions for something representing world opinion.
Except when they agree with you presumably, like just before the war.
Re: (Score:2)
"The whole world" did not believe. Only right-wing Americans did.
The rest of the world (where I live) knew it was only bullshit all the time, except for half a dozen Bush-ass-kisser politicians and media pundits.
Re:Surely the US military is dumb enough.. (Score:5, Insightful)
But the whole world believed that Iraq had WMDs
That is so ludicrously wrong you must have been watching american news.
The vast majority of the world did NOT believe that WMD nonsense.
Re:Surely the US military is dumb enough.. (Score:5, Insightful)
There are so many mainstream sources around UNSCOM and the IAEA that have come forward since the Iraq war that the truth is no longer in question. It goes like this:
Firstly, the Iraqi military and economy had been smashed by the first gulf war and subsequent sanctions.
Secondly, Hussein and the rest weren't stupid and clearly knew the US government, public and media were all baying for war.
Thirdly, the UNSCOM inspections were very thorough and even well funded and equipped (largely by the US taxpayer) and had a great deal of success in pressurizing the Iraqi regime into getting rid of what it had left, which in any case wasn't much because it was all so old. Dozens of Iraqi army officers defected through Syria or Jordan and confirmed the story.
Because of all this, successive administrations tried and failed to find a pretext to war. Parent is entirely correct - it's the defense industry wanting cash and the government finding any excuse to pump tax dollars to their well-to-do pals. It's good for the economy, according to the politicians.
What helped most of all to tip the balance in favour of war was when someone or other (probably the CIA) forged a now infamous document purporting to show the sale of yellow-cake uranium by Niger to Iraq. It was by all accounts a hilariously bad forgery and contained many, many obvious errors that clearly showed it could not be genuine. However, the White House released it to the media as genuine, who immediately, without checking it, presented it as causus belli to the trusting public. By the time the IAEA's Mohammed El Baradei announced a couple of days later that it was utterly false, it was too late. Not that the same, supposedly liberal media made a big deal of that.
That, my friend, is how rich, powerful people can manipulate the public into doing whatever they see as necessary, even when it calls for the deaths of hundreds of thousands of normal, working class people on all sides.
Yes they created the internet (Score:2)
But that was before every wannabe script kiddy used it. I would have thought they'd have had a seperate disconnected military network of their own by now.
Re: (Score:2)
It's ALL PROPAGANDA (Score:4, Insightful)
These are professional liars, folks! This is a part of the Military disinformation effort - so publicly trumpeted right here on Slashdot - not so long ago.
If there had been any such REAL significance to this 'attack', do you think that it would be published and publicly acknowledged? There are very minor cold-war-era incidents and slip-ups that are still highly-classified, and never acknowledged.
I suppose this to be a non-event of ordinary malware, that is being used to:
1) Shape public opinion and generate suspicion
2) Justify restrictions on the Internet access/speech of military personnel
3) Profit!
Remember: In Soviet America, Military Network Attacks YOU!
Re: (Score:2)
Did you mean "isn't".
Because right now your "Oh, wait..." is redundant.
They Aren't. (Score:3, Insightful)
The US military is not stupid, and does take systems security very seriously. What would look like ultra-paranoid behavior to a civilian may well be fully justified in the military world.
The reason is simple: any breach, leak, or DoS can result in somebody being killed, operations foiled, or even wars lost.
Security people have to guard against known threats and techniques, which are very challenging, plus unknown ones that nobody has even thought to consider. Being able to trust the technology that they ar
Re: (Score:2)
Oh fuck, I missed:
"We have taken a number of corrective measures, but I would be overstating it if I said we were through this."
=
We can't protect ourself from things like this.
Oblig Windows jab (Score:4, Funny)
Re:Oblig Windows jab (Score:5, Funny)
Actually it was britneynude.exe
Re:Oblig Windows jab (Score:4, Funny)
britneynude.exe
*shudder*
Re:Oblig Windows jab (Score:5, Funny)
Re: (Score:2, Funny)
I offer my services (Score:5, Funny)
$100/hour to install air-gap firewalls on sensitive/classified networks. (Includes rental of scissors.)
Re:I offer my services (Score:5, Funny)
Originating in Russian != Russian National (Score:5, Insightful)
Re:Originating in Russian != Russian National (Score:5, Funny)
Just remember that just because it originated in Russia does not mean that this was a Russian Government attack (though it could have been known about and ignored by them if it wasn't) - it just happens to have been in Russia - the headline is a little misleading in that sense.
But surely there are just evil dudes and dragons beyond our borders jealous about our freedoms (ignore DRM, unwarranted phone snooping, etc for this argument)? I know for sure that there are ice dragons and Igloo dwellers to the north. To the east there is meant to be an old continent, but I am yet to be convinced of its existence. ;)
Re: (Score:2)
Yea we have it tough in America (DRM, IP rights, a well publicized illegal actions by the government). I much rather live in a country that will kill you if you say something unpatriotic loud enough, or just reported it.
Re: (Score:3, Interesting)
Yes, there are countries worse than us, much worse. But, there are also countries better than us. I find it odd that we went from claiming "We're the bastion to freedom" to claiming "We're not as bad as random Muslim theocracies, and some African anarchies, and perhaps China!". We should be striving to be the most free country in the world again, and not just mediocre.
As for all of our other metrics, we're failing. Sure, we're better than Congo, but who isn't (besides the Congo)? Its like murdering som
Re:Originating in Russian != Russian National (Score:5, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
In this case one should also remember that the US has similar programs that explicitly target Russia and China. And so, perhaps, it would make sense to better protect one's own networks than to blame the Russians and the Chinese for every security breach. Even if they are responsible. Especially if they are responsible. This way the Pentagon may only appear vulnerable, as opposed to vulnerable AND incompetent.
Re: (Score:2)
Not only headline is misleading, RTFA clearly states that source of the malware is not identified.
And this wasnt targeted attack I assume, some stupid fuck just ran piece of malware on secure computer and it spreaded.
Of course to make things big and get money on "cyberdefense" there should be some country to blame.
Re:Originating in Russian != Russian National (Score:4, Informative)
I'm not sure how things work in Russia (if the state owns the networks or not) but wouldn't it be the ISP or bandwidth provider ignoring this?
I know, I know, ISPs can't (and shouldn't) be held responsible for this sort of thing, but just jumping at the Russian government because technically the copper(or fiber, or whatever) exists in Russian territory is a little bit silly IMHO.
Really the only way that we could hold a foreign government responsible for the actions of their citizens on the Internet would be to expect government oversight on all the packets floating around on the networks that exist within their territories. I highly doubt that there are many people on slashdot that would advocate that.
Really, the Internet needs to exist separately from real-world governments. I know that some are in favor of having no regulatory body of any kind on the networks, but I think things are starting to get out of hand. A government that exists for the internet only is starting to make sense, especially since people who have studied traditional, physical-world-based law have generally don't know head from ass when it comes to computer networks.
Re: (Score:3)
Basically, the problems that the network can create are too many and too serious for the governments of the world to ignore. This doesn't mean 'Net Neutrality is impossible, but it means security reforms is going to have to happen sooner
Re: (Score:2, Interesting)
KGB or Spotty Teenagers? (Score:5, Insightful)
I love the way these things are always spun as if they are significant military attacks coordinate by the foreign government or their agents. Is there any evidence that it isn't just a few bored teenagers who happen to live in Russia and think it would be fun to try and hack the US DOD?
Re:KGB or Spotty Teenagers? (Score:4, Informative)
After all that went down in Georgia, I think it proves that there really isn't that much of a difference between the two.
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
90 why pick such an odd number?
The Russian Empire was doing a lot of really bad stuff way before the USSR was even thought of. Of course, the British Empire, the Japanese Empire, the French Empire etc. all imposed by force their rule of law.
Re: (Score:2)
Re:KGB or Spotty Teenagers? (Score:5, Insightful)
And what do you thing has happened in Georgia? To tell the long story short -- Russia has stopped a Georgian assault on its citizens (most people in South Osetia have Russian citizenship) and made Georgia return to negotiations with South Osetia.
The propaganda machine is working very well though. Next you'll tell that the Russians have violated Germany's sovereignty in 1945 and made their democratic elected leader commit suicide.
Re: (Score:2)
Yes, but they were way behind so they were willing to make a deal.
Re:KGB or Spotty Teenagers? (Score:4, Insightful)
It probably is some windows worm or something written by a script-kiddie. But to admit that would be to embarrassing, so they make it out to be a big deal.
Like that poor Brit who was looking for info. about UFOs.
Re:KGB or Spotty Teenagers? (Score:5, Interesting)
It is exactly this vain "cover-my-ass" attitude that makes situations escalate, sometimes up to the point of war. I understand that a bunch of old farts in DoD feel a strong need to justify (or increase) their Cyberwarfare budgets but pointing fingers at an allied country (relations with which are not always easy) in public over a non-issue like this is, imho, going way too far.
Network security by isolation of the critical parts is possible and this whole "cyberwarfare"-bullshit is just driving tears into the eyes of anyone who knows a bit about the subject.
Yes, an attacker could overload and DoS less important/perimeter networks and yes an attacker may able to overtake various individual machines or department networks, e.g. by sneaking trojans onto employee's computers, phishing etc.
If any of that worries you in a national-security kind of way then do your fucking homework and implement appropiate security layers and airgaps already!
A flash trojan is a non-issue because a critical system won't run flash. In fact, a critical system won't even interface with a system that could be taken over in such a way.
Re: (Score:2, Insightful)
If this is the cutting edge of cyber-warfare, then it's quite frankly piss-poor.
And if the DoD defences against this attack are weak enough to be breached then the last thing they should be doing is bleating on about it and drawing attention to the fact.
Re: (Score:2, Funny)
Like that poor Brit who was looking for info. about UFOs.
That Brit was a Red. He gave an interview to the Guardian.
Re:KGB or Spotty Teenagers? (Score:5, Interesting)
To be fair, it's not like when the US reports these attacks to China/Russia they do anything about them to suggest you might be right though.
It's the same with the whole Litvinenko thing here in the UK, we know where the Polonium came from (a Russian lab) we even pretty much know Lugovoi did it but as they wont help whatsoever to put him to trial and have instead put him into their parliament in a position of power it's kind of hard to give them the benefit of the doubt.
Maybe if they actually helped bring these perpetrators to justice we could give them the benefit of the doubt as you suggest, but when they instead protect the almost certainly guilt with no real trial or investigation then it only adds to the idea that the governments of these nations themselves are in fact responsible.
If a bunch of Canadians crossed the US border and attacked the US and then made it back to Canada safely and the Canadian government did nothing about it or even went as far as giving these people places in government as per the Luogovoi/Litvinenko affair then yeah I think most people would still say the Canadian government deserves a lot of the blame.
Don't get me wrong however, I do feel these "cyber attacks" are a little overstated, I hate to say it but it's becoming so common when I read about them I can't help but think "Who cares, stop moaning and either return the favour or learn from it and stop it happening again". As is pointed out here on Slashdot often though, they don't seem to learn from their mistakes and instead simply repeat them over and over. I'm not sure what the US government is trying to achieve with these cries? Trying to make us hate Russia/China? Don't worry their human rights record means a lot of us already do. Trying to get sympathy? Well what for? You're the military, you're the ones who are meant to be dealing with it and so on.
Or in other words, to put it simply- they're all just as bad as each other.
Re: (Score:2)
It doesn't take propaganda to show you that Russia's run by a bunch of corrupt jerks. Their premier is making a big deal about being a big macho tough guy, like shooting tigers [guardian.co.uk] and playing at being USSR version II, invading Georgia, (funny how people around here are all "US imperialism in Iraq! evil! bad!" and won't say a thing about "Russian imperialism in Georgia!"), sending big boats down to Cuba to show off, et cetera. Blah. Whatever. Saber-rattli
Re: (Score:2)
>funny how people around here are all "US imperialism in Iraq! evil! bad!" and won't say a thing about "Russian imperialism in Georgia!" :) Besides, Russian troops have already left Georgia.
Because Russia didn't capture the whole country looking for non-existent WMD's and didn't hang Georgia's president?
Come on, at least pretend you did some research on the topic instead of repeating what the Big Media has conveniently provided to you. Georgian government wanted to strike down the separatism in self-decl
Re: (Score:2)
You've got it all wrong! (Score:2)
Threatening but ultimately harmless attacks are carried about by scary foreign militaries, and devastating wide-scale attacks are carried out by bored spotty teenagers. What don't you watch TV!?!?
It isn't just targeting the US. (Score:5, Interesting)
Anonymous coward here, for a reason etc.
I work with the USAF in a very official capacity in IT and got wind of the flash media ban a while back.
I've been asked to keep quiet about this, but since it isn't classified, and nobody takes slashdot seriously, take this for what it is worth:
We stopped using all flash media on all networks because we can no longer be confident that they do not come from the factory with payloads attached. I've seen entire boxes of flash media from the "amnesty boxes" set up inside USAF buildings sent off to NSA and FBI for investigation.
There are some who think that manufacturers have been infiltrated with the sole purpose of loading malware onto drives. And it isn't that it's specifically an attack on US Gov. computers - it's just that Gov. networks tend to be pretty incestuous, and flash drives are often moved back and forth between multiple computers daily by most users due to the flakiness of CAC (common access card) infrastructure.
So beware.
Re: (Score:2)
What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?
Re: (Score:3, Informative)
What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?
You did, it does.
Re: (Score:3, Informative)
What's the point of putting malware if it won't be run? Or did I miss something, and "autorun" actually works on UMS devices in Windows?
Yes, it does. But, it's relatively easy to disable.
Use a Microsoft "PowerToys" application to simply disable all drives: Tweak UI [wikipedia.org]. It's only available for XP, at least from Microsoft. There is reportedly a version for Vista from a third-party developer.
Re: (Score:3, Informative)
The ban on flash media was to stop the propagation of a Win32 worm that "spreads by creating an AUTORUN.INF file to the root of each drive with the malicious .dll file."
It was just one of many steps taken to triage infected systems and protect uninfected systems.
It's possible it was an attempt to breach the DoD networks, but it's just as likely and more plausible that it's just another botnet being created.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
I work with the USAF in a very official capacity in IT
I other words, you're the airman stuck on the Help Desk on the weekends?
I don't know about your story... Not what they tell me here at McChord.
Re: (Score:3, Interesting)
So what had to of happened is some office with a high ranking official was not keeping their protection software up to date or disabled it, both against existing regulations.
They then ran into problem and it spread across their network and they spread the alarm. At that point it got high enough that you got the new requirements.
Good old federal government... (Score:5, Insightful)
The federal government is finally starting to see the fruits of its trifecta of asinine spending policies:
1) Lowest bidder (God forbid we get the best value for the tax dollar, not the cheapest).
2) Standard pay rates that don't take into serious consideration the skills and experience of employees. God forbid we adopt private sector pay policies because that might make us look like we're discriminating if some employees get paid a lot less than others.
3) The fact that it often takes an act of Congress to fire a federal employee.
Like most Northern Virginia-based software engineers, I've worked a federal contract here and there. I've been exposed to incompetence from federal employees that would not be tolerated by almost any corporation. My company actually brought a formal business case for why our government program manager was wrong and her decisions would be a disastrous waste of tax payer money to her bosses. We **pleaded* with them to override her and let our senior engineer do the architecture since she had no idea how to do it.
Guess what? They told us to shut up and get back in line.
There's this myth that the outsourcing of government has ruined the federal government. That's bullshit. Government contractors are often the only people who actually get shit done! We're the ones who actually do much of the heavy lifting because the civil service for so long was allowed to deteriorate into a combination of an affirmative action program and a welfare program for stupid white men.
There are real pockets of genuine competence and intelligence in the federal government, but unfortunately, they're so isolated by the prevailing culture and leadership that it would take a real Leviathan-wrangler at least 2 presidential terms to get any meaningful culling done.
Re: (Score:3, Insightful)
Private sector pay policies? As someone who works in the private sector, I can pretty much guarantee that private sector companies also use standard pay grades. Why is it that everybody thinks that private sector is a bastion of efficiency. I've wor
Re: (Score:3, Insightful)
The US Military does not always choose the lowest bidder. The military is, in effect, a huge welfare program. Many times, we choose the vendor that provides the best social benefit. For instance, the GSA program gives additional weight to women-owned or minority-owned businesses.
As for pay, the military takes teenagers off the street and puts them in charge of some of the most complex systems in the world. When IBM hires a 19yo high-school grad and put him in charge of corporate email servers, then US m
tag MICROSOFT + WINDOWS... again n/t (Score:2)
When will people learn...
Re:tag MICROSOFT + WINDOWS... again n/t (Score:5, Informative)
They don't use a lot of Windows on internal systems in the DoD. As I'm to understand, they run a lot more Linux and Solaris. In the interests of national security, though, all these systems are too close to make a big difference security-wise.
They may have different levels of attackability for circumstances relating to casual attacks and casual computer use (this is where we say "is the default linux installation in X version of linux more or less secure than the default windows installation in Y version of windows?) But when these systems have proper internal security policies set up, it doesn't make a huge difference-- when they are well configured, they're functionally the same.
DoD systems are generally set up so that one is connected to the internal network and one to the external network-- when you want to move a file, you simply use a flash drive. The chances are very good that these are running different operating systems, anyway.
For a coordinated and advanced attack on our DoD network infrastructure it has less to do with what operating systems we are running, which is really just a question of usability and administration time, but moreso broader questions of security policy-- such as where do you get your flash drives?
In short, if one OS was the issue here, this attack couldn't have gotten anywhere. An OS really doesn't mean much when you compare it to the overall security model for the network infrastructure, especially with the physical network restrictions used by the DoD.
The biggest difference for the operating systems for their purposes would be more on features like TPM-enabled drive encryption, etc-- things that would make it more difficult to hack a stolen laptop-- stuff like that.
Russian hackers (Score:3, Interesting)
"may have originated in Russia" is not the same as "originated with the Russian government," of course.
My guess, the attacks are an attempt to turn the vast power of military computer systems into one giant spam-bot.
And, also, just think of all the new Nigerian scam letters that they could pull off with military connections... the "your son was wounded in Iraq and is being airlifted to a hospital in Germany, please send $10,000 to pay for a private room for him" scam will be much more powerful if it issues from a military computer (and, for that matter, much more convincing if the scammer knows the actual name, rank, and next-of-kin of the 'son').
The Americans Should Learn From The Brits (Score:5, Funny)
The British Intelligence have learnt how to avoid infecting their systems with infected flash drives. They leave them on the train where they can't do any harm.
Re: (Score:2)
If that wasn't so true it'd be funny. I did laugh out loud though.
Preparing for the new propaganda (Score:4, Funny)
they "think" it's from Russia (Score:2, Insightful)
So, the other day, i thought that my girlfriend would like the present i gave her... God was i wrong...
Now they think that the attack comes from Russia... That means they're not sure about it at all, they just got a hunch that the attack is from the Russians, they don't say they got proof or anything, they just say they think it's from there...
However, suspicions of Russian involvement come at an especially delicate time because of sagging relations between Washington and Moscow and growing tension over U.S. plans to develop a missile defense system in Eastern Europe. The two governments also have traded charges of regional meddling after U.S. support for democratic elections in former Soviet states and recent Russian overtures in Latin America.
Just because the relations with the Russians aren't that good doesn't automatically mean they'll attack you in Irak...
For all we know, it could be Irakians who would
Not News (Score:4, Insightful)
Reading the article, which has almost no details, I think the LA Times is trying to make news out of nothing. The "senior military leaders" are basically like "senior business executives" who probably have no clue about any actual "attacks". They are just trying to hype up anything they can to increase their budgets.
The actual details they are dealing with is the same as any organization that uses computers and employs people.
What about what the US does? (Score:2, Insightful)
Re: (Score:2)
"That is the odd thing... you never hear about the huge attacks on the Chinese, Russian, North Korean, etc."
Not hearing is not the same as not happening. They may and probably DO not talk about those incidents. We live in a free-er society, and this stuff comes out because our press is marginally functional. That is, when it's not being willingly led by the nose by the current 'cause'. And slamming the current administration is always good business for our press.
I would presume that every government is
"We have always been at war with East Asia" (Score:5, Interesting)
Sorry, couldn't resist.
Also, the CBC [Canadians] are running sensationalist crud on their TV.
Most irritating soundbite from a DHS 'expert':
"Digital Pearl Harbor"
I think they must have run the same quote 3-4 times.
Me? I think the military / DoD is begging for $$$ as usual. What? We didn't bail out the military? Shame!
sigh (Score:5, Insightful)
...experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement.
Classic propoganda.
Shame on Julian Barnes of the LA Times and the unnamed senior military leaders.
military level software (Score:2)
OpenBSD & Theo de Raadt (Score:2)
Maybe DARPA shouldn't have pulled funding for OpenBSD research a few years ago. I knew that was going to come back to bite the US DoD in the ass sooner or later.
Re: (Score:2, Funny)
Re:My god. solution is stupidly simple (Score:4, Insightful)
Almost as stupidly simple as reading the freakin' article. Which mentions that flash drives were banned inorder to keep the attack off of SIPRNet computers.
And almost as stupidly simple as banning soldiers from e-mailing and blogging on the public internet that, ummm, their families are on and, ummm, OK, maybe we need publicly accessible DoD computers.
Re: (Score:2)
"And almost as stupidly simple as banning soldiers from e-mailing and blogging on the public internet that, ummm, their families are on and, ummm, OK, maybe we need publicly accessible DoD computers."
Publicly accessible terminals or kiosks that don't contain any pertinent information what-so-ever, and also don't allow flashdrives (since they could, conceivably, contain sensitive information), could be set up in a DMZ to allow personnel to communicate with the "outside world" without security concerns. Sort
Re: (Score:3, Insightful)
RFTA maybe? This infection is specifically designed to put itself on flash drives. I'll leave you to figure out the rest for yourself, since you think you're so smart.
Re: (Score:2)
you want to start a thermonuclear war because of a DDOS attempt?
get real.
Re: (Score:3, Interesting)
I think that, right now, no one is really sure what to do. I don't think that it is a cause for war (traditionally speaking), but it is a violation of sovereignty. I'm not sure what we can do about it at this point aside from defense and counter-offense.
Re: (Score:3, Informative)
On a classified system, the entire computer, and anything that touches it (be it media, monitor, printer, or network) is also classified. There can be no instance of one window being classified and the other not: they are both classified at the same level regardless of content.
You can have an unclassified system running right next to a classified one, but they cannot interact with each other at all.