Saturday, March 08, 2008

Making Our Nation Safer -- By Relying On Windows!

Ars:
On June 22, 2007, Defense Secretary Robert Gates acknowledged that the Pentagon's network had been successfully attacked the previous Wednesday, and that this attack was responsible for a disruption in email service to some 1,500 Pentagon employees. At the time, Gates downplayed the attack, saying that it affected only the OSD's (Office of the Secretary of Defense) non-classified e-mail service and that there was "no anticipated adverse impact on ongoing operations." It seems that the adverse impact of the June attack may have been much greater than Gates' early guidance implied. According to a top DoD technology official quoted at GovernmentExecutive.com, the thieves behind that attack seized an "amazing amount" of data.

New details on the attack itself have become available in the months since it occurred. According to Dennis Clem, CIO of the Pentagon and the OSD, the intrusion was first detected during an IT restructuring that was underway at the time. By the time it was detected, malicious code had been in the system for at least two months, and was propagating via a known Windows exploit. The bug spread itself by e-mailing malicious payloads from one system on the network to another. The messages themselves were spoofed and appeared to be legitimate missives from other employees. Once the recipient opened an infected e-mail, the worm sent that person's password and other login credentials back to home base.

The government isn't saying what, exactly, got stolen. There's no evidence to contradict Secretary Gates' claim that the classified e-mail system remained unaffected, but data that Clem describes as "sensitive" was accessed and encrypted before being transmitted to the hackers' location. As for where that location might be, unconfirmed reports point towards China's People's Liberation Army. China, of course, has vehemently denied any knowledge or responsibility. The Pentagon has stepped up its network protection since the intrusion, and added additional protection in the form of smart cards and digital signatures. Such security measures are the ultimate example of closing the barn door after the horse is gone, but should at least make further intrusions more difficult.
(Emphasis added.)

The rest of the story is here.

No comments: