Military Looking Abroad for Source of Cyber Attack on Pentagon
http://www.foxnews.com/politics/2008/11/20/pentagon-cyber-siege-unprecedented-attack/
The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs.
http://www.foxnews.com/politics/2008/11/21/source-cyber-attack-pentagon-come-china/
The cyber attack on the Department of Defense that has led to a ban on the use of external hardware devices could have come from a number of foreign countries, possibly Russia, though the military is dismissing earlier reports that China was the source of the threat. :confused:
Richard's $.02 :munchin
Like I always say, "Never let your guard down."
This is not new but it must have been a good one this time. Russia has shown a good capability at this. China is also good at cyber warfare. We get hits at my office from China and NK on a weekly basis. Keeps the tech staff working and gives them job security.
Roguish Lawyer
11-24-2008, 09:09
Since when is banning flash drives an "extraordinary" step? There definitely is a trend to do that to prevent IP theft from corporations.
Since when is banning flash drives an "extraordinary" step? There definitely is a trend to do that to prevent IP theft from corporations.
I'll have to ask my son-in-law. He's at Northrop-Grumman and I thought he told me they have just mandated that ALL TRANSPORTABLE company data be stored on flash drives with mega-encryption.
We were talking, a while back, about his frequent travels and the TSA statement that they can confiscate & copy anything you carry thru an airport for no reason.
Their encryption level renders the flash drive useless to anyone, even if one was to disassemble the stick and attempt to install the mem chip in another system.
That may be the thread with the Pentagon. They can't tell what is in the flash drive, so they ban the use???
In the case of DVDs and JPEG pictures, they have a long history of hidden data and unless you know where to look, it is almost impossible to find.
So, there is precedent, geeks have known it for years... :eek:
Problem is the physical size of the latest commercial Micro-SD is very very small and can carry 64GB. That is equivalent to my complete system, with 20,000 pictures and movies :eek:
http://en.wikipedia.org/wiki/MicroSD
Just read thru the articles... The threat was perceived to be somewhere on the GIG. It could have been any PC connected in the Sand Box or any PC on any US military base or Embassy, in the world...
Longstreet
11-24-2008, 14:24
A couple of nights ago on the Discovery Channel there was a documentary (sorry I cannot remember the name of the program) about the threats of a cyber attack - viruses in particular - and as mentioned it is feared that such attacks will come from China or Russia.
The documentary mentioned the blackout that the eastern US and Canada had a few years ago and while it was classified as human error, this documentary argued that the power failure was due to a cyber attack.
It is unbelievable just how reliant we are on computers. The show concluded that the next world war will not be fought using bombs or weapons, but will be launched using computers.
As always I took the documentary with a grain of salt, but it was a little unnerving when they filmed a hacker break into a large international bank in about five minutes.
Cyber-threat was always an issue in NATO by the anti-war at any cost crowd; at that time it was mostly Dutch cyber-weenies attempting to break our systems.
Richard's $.02 :munchin
Kyobanim
11-25-2008, 10:02
If they want to get serious they need to eliminate the people working from home. Their reliance on CAC readers to protect their network is absurd when you look at all the people that don't use firewalls on their personal PCs.
The Reaper
11-25-2008, 10:12
If they want to get serious they need to eliminate the people working from home. Their reliance on CAC readers to protect their network is absurd when you look at all the people that don't use firewalls on their personal PCs.
They also refuse to extend the anti-virus and firewall protection license to retirees and contractors, although they have access to AKO.
TR
If they want to get serious they need to eliminate the people working from home.
No can do. National Security Presidential Directive 51 and Homeland Security Presidential Directive 20 mandate government agencies (including DoD) to establish, exercise and update Continuity of Operations (COOP) plans, to include social distancing and alternate work location operations.
Kyobanim
11-25-2008, 15:27
No can do. National Security Presidential Directive 51 and Homeland Security Presidential Directive 20 mandate government agencies (including DoD) to establish, exercise and update Continuity of Operations (COOP) plans, to include social distancing and alternate work location operations.
Ok, I can understand the need for spreading out our critical resources. I'm talking about the contract companies that have their employees working from home. Programmers, sysadmins, etc., that have access to the network. I know of 2 contractors who had their systems compromised while on CAC. The only repercussions from this were that the offending parties had to re-take the IA classes and promise to secure their systems.
Also, the IA reqs say that if you work from home you are supposed to have anti-virus software, working firewall, and a separate and securable workspace; i.e. secure room. Very seldom, if ever, is this verified.
I notice that some of my acquaintances use wireless equipment, but fail to enable encryption, thus putting all of their traffic in the clear. Depending on permissions on their machine, files could be removed or added by others. In addition, the low-end firewalls included in home routers have a default password; sometimes, people don't change it. So even someone in general compliance with the regulations mentioned could have a system that wasn't secure.
But there is a deeper problem. Viruses are programs, so new ones can be written - which means that virus detection software cannot find any signature for the virus. That means that only the behavior of such software might trigger an alert - but since the software is widely available, a clever programmer might create an exploit, test it against off-the-shelf virus software, and then introduce it into a target network. There are freely available virus creation workbenches. An unsophisticated user can point, click, and create a custom virus - then share it. Of course, actions that interfere with systems are illegal - but creation of the virus is not.
I hasten to add that I am not giving away any secrets here. All of this is in the public domain on the web, easily accessed by everyone.
I'm talking about the contract companies that have their employees working from home. Programmers, sysadmins, etc., that have access to the network.
I agree that folks like you mentioned above, with enhanced network permissions and such should only be able to get to that access when physically on-site. Not being able to check and deal with work e-mails from home or while on the road/on vacation, however, is a substantial PITA and eats up valuable at-desk man hours that the good ol' US taxpayer is paying a pretty price to have wasted.
Also, the IA reqs say that if you work from home you are supposed to have anti-virus software, working firewall, and a separate and securable workspace; i.e. secure room. Very seldom, if ever, is this verified.
I have to back up TR's gripe on this one. Perhaps if DoD would stop treating contractors and retirees as second-class citizens in regards to licensing and purchase deals on AV, firewall, anti-spyware, USB drives with encryption and other protective hardware and software, there would be fewer breaches. If it touches your network, it's a vulnerability, and it's usually a hell of a lot cheaper to buy prevention than it is to pay for a clean up.
Since when is banning flash drives an "extraordinary" step? There definitely is a trend to do that to prevent IP theft from corporations.
I can tell you that there will be a great deal of unclassified work that used to be done at home or on the road and was uncharged to the government that will now only be done at one's desk and will be fully charged.
bailaviborita
11-28-2008, 12:43
A computer-savvy guy here said that this was a low-risk problem that would have been caught had the Army used something other than a cheaper version of Norton - and that there was a patch out for this problem 5 months ago, but no-one bothered at DA to get it. Don't know if that is true - but I think it was "Wired" that said this seemed like overkill.
I suspect we'll be hearing a lot more about this.
Ottawa's Rafal Rohozinski helped uncover an international espionage plot that has infected computers in high-ranking offices around the world. Now the sought-after expert is warning the world about the cyber wars to come.
OTTAWA — In recent days, Rafal Rohozinski has found international law enforcement officials and high-tech security experts keen to pick his brain.
The 43-year-old chief executive of the SecDev Group, an Ottawa-based computer consultancy, has been jetting to jangle the alarms about the next big thing in cyber-espionage.
He's become a go-to guy ever since he and his colleagues in Canada and abroad revealed the GhostNet, a covert network of more than 1,300 compromised computers worldwide in foreign affairs ministries, embassies, news media and international organizations, including the offices of the Dalai Lama.
The hackers, linked to servers in China, gained total control of the infected machines. They could download files and even activate microphones and web cameras.
Thanks to the GhostNet probe, which also included investigators at the University of Toronto's Citizen Lab, Rohozinski has been making quick converts to the proposition that what happened is nothing less than the way in which war will increasingly be waged.
Source (http://www.ottawacitizen.com/Technology/GhostNet+Buster/1532973/story.html)
China's global cyber-espionage network GhostNet penetrates 103 countries
A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.
By Malcolm Moore in Shanghai
Secondary Source (http://www.telegraph.co.uk/news/worldnews/asia/china/5071124/Chinas-global-cyber-espionage-network-GhostNet-penetrates-103-countries.html)