Sunday, August 29, 2010

Pentagon admits it got hacked.

A "significant compromise" of U.S. military networks has been acknowledged by the Pentagon two years after the breach was reported in the press.

"In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks," Deputy Secretary of Defense William S. Lynn III wrote in an article in the September/October issue of Foreign Affairs.

"It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East," he explained. "The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.

"That code spread undetected on both classified and unclassified systems," he continued, "establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."

"This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call," he added.

Excuse Me, We've Been Hacked

The Pentagon's official acknowledgement of the data breach at Central Command occurs nearly two years after The Los Angeles Times reported the incident in November 2008.

"It's been an open secret in Washington for a long time," James Lewis, a senior fellow at the Center for Strategic and International Studies, told .

"I have no doubts about the authenticity of this account," he added.

He remembered attending a dinner with six people on the night the military discovered the breach when one of the diners from Homeland Security's National Cyber Security division excused himself from the repast after receiving a message on his BlackBerry. "DOD just had a major hack," he recalled the official saying. "I have to leave."

He added that he has heard General Keith Alexander, recently appointed to head the new U.S. Cyber Command, allude to the attack at unclassified forums at the National Security Agency in the past.

Bumbling Spies?

Although in his article Lynn attributes the 2008 attack on Central Command to a foreign intelligence agency, that has been challenged in some corners of Cyberspace.

Citing an anonymous source, Wired magazine reported that the military has never been sure who was responsible for infecting Central Command's networks.

"Some guys wanted to reach out and touch someone," the source told Wired. "But months later, we were still doing forensics. It was never clear, though. The code was used by Russian hackers before. But who knows?"

The malware originating from the infected USB drive was dubbed "Agent.btz." It's a variation of the SillyFDC worm. According to Wired, the worm's ability to compromise classified information is limited because it requires open access to the public Internet to work effectively.

"SIPRNet, the military's secret network, and JWICS, its top secret network, have only the thinnest of connections to the public Internet," Wired explained. "Without those connections, intruders would have no way of exploiting the backdoor, or indeed of even knowing that agent.btz had found its way into the CENTCOM network."

That raises the question of why foreign agents would try to infect a military network with a worm that would have very little chance of producing anything useful.

Scary Situation

Although the worm infecting Central Command's computers doesn't appear to be anything exotic, it still took military sanitizers 14 months to clean up the infection. That is frightening news to some computer security pros.