Cyber Attack Spurs Thumb Drive Ban

Our friends at DefenseTech.org feature an excellent piece about a cyber attack on the U.S. military. The attack finally led to the military banning thumb drives and other portable memory tools from use on military networks.

The article is by Kevin Coleman. Here it is:

The Pentagon has suffered a direct hit from a cyber attack. The weapon used is said to be a hybrid computer worm/virus. Insiders say the hybrid rapidly spread through the thousands of interconnected defense computer networks. A computer worm is different from a computer virus. A worm is thought to be more dangerous because it can run itself whereas a virus needs a host program to run. The DoD responded quickly and has taken steps to slow the advancement of the worm/virus by quarantining networks and systems until the worm/virus can be removed.

Cyber investigators have not pinpointed the entry point for the worm/virus, but insider sources point to removable storage devices as the most likely point of infection. This seems to be supported by the fact that U.S. Strategic Command has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately. This incident has been deemed so severe that unprecedented defensive measures have been instituted to protect the military systems.

Oddly enough, all Internet users are being warned to stay vigilant by security experts who believe that Monday, Nov. 24 is poised to be the worst day of the year for computer attacks.

Security experts at Spy-Ops I spoke with said, “If this can happen to the Department of Defense it can happen to any organization.” They went on to say that the cost of this attack could easily reach into the billions of dollars if the worm/virus destroys data. If that’s not bad enough, one expert went on to say that the nightmare scenario is if the malicious code alters data rather than deleting it — a much more difficult problem to resolve.

News of the cyber attack came on the heels of today’s release of the “Global Trends 2025: A Transformed World” document by the Office of the Director of National Intelligence. The document stated that non-military means of warfare, such as cyber, economic, resource, psychological and information-based forms of conflict will become more prevalent in conflicts over the next two decades.

While the source of the attack remains classified, the usual cast of characters comes to mind. At the head of the list are of course China and the RBN — Russian Business Network. If the attack is found to be sponsored by another country, could this be considered an act of cyber war?

Join the Conversation

er…link?

As a contractor trained by “The Agency” in Computer Security way back in the late 80’s, the issue is lack of cross training AND REQUIREMENTS within the (too) numerous agencies of the Government. Back then (80’s) our facility banned the use of removable storage media PERIOD.

When, oh when will there be a uniform set of rules across the spectrum.

Sounds like more fear-mongering and propaganda from the Pentagon and US Strategic Command snollygosters. Since 2003, the Pentagon under the Bush administration has spent over $250 million cyberattacking numerous websites including Yahoo, Craigslist.org, Huffington Post, Washington Post, New York Times, MilitaryCorruption.com and thousands of Americans.

I think the Pentagon and StratCom need to concentrate on Bush’s wars and stop the disinformation, propaganda and fear-mongering of the unpopular Bush administration. Oh and hey, StratCom…the American people are NOT the enemy.

I understand why the DOD banned the USB devices as an emergency defense move however they can and should do the following moves.
The DOD should instruct their admins to push a script to scan any USB device that connects to the computer to stop any virus. The other thing is to push a script to encrypt any data placed on the USB device.
IT security personnel need to start thinking out of the box.

Hey dips**t where’s the proof of your asinine comment? Sounds like Yahoo, Craigslist.org, Huffington Post, Washington Post, New York Times, MilitaryCorruption.com and thousands of Americans infested your neo-lib brain.

The major trouble is the method of enforcement of this ban. All USB ports that were not actively in use have been disabled. There is supposedly an 8-page application for exception, but we can’t even get a copy of it. 

With the USB ports disabled, we cannot connect intermittent devices like bar code scanners or digital cameras used in our daily work. Worse, we must keep all files we expect to use either on our computers or on the file server, even files with personal data like performance appraisals. Which is more secure from hackers, removable media in my pocket or the files stored on a computer?

The Pentagon better get your act together. These cyber attacks are coming from all sides (China, terrorist groups, Russia, and hackers within our country).

These organizations or individuals are testing our networks for cracks in the system to shut down the most secure and sensitive networks protecting our country.

The DOD should be recruiting more Geek-mo’s in its ranks.

It’s about time this was actually Recognized, instead of being ignored-it’s Always been against “the rules” to have or bring a thumb drive to the Meps, but lo and behold-we had a former Cpl USMC bringing one Every Day to bypass the IT security to play video games on the supposedly “secure” network-it blocks everything else, including some news from NMSNBC, but here he was, playing online, going to blocked sites-and we Never were believed-we even got told to “stop Whining” about it-so how many Other “Favorites” got away with this before the world came crashing down? Time for the Rules to apply EVENLY, supervisors!!

Let’s see…we’re buying chi-com built computers, chi-com built discs, chi-com built thumb drives, chi-com built laptops; we know that since the mid 90’s that the chi-coms have built back doors into the stuff they’re selling us; at least the Seagate hard drives. We have an “ex” chi-com major in charge of computer security for the Pentagon; I don’t see why we’re having any problems here. After all, like our passion for walmart crap we’re getting it cheap. Our gubmint is certifiably insane, but the payoffs at high levels are great. More on the problem here:
http://www.worldnetdaily.com/index.php?fa=PAGE.view&pageId=43893
http://www.worldnetdaily.com/index.php?fa=PAGE.view&pageId=1768
http://www.worldnetdaily.com/index.php?fa=PAGE.view&pageId=1770

To quote Forrest Gump, “Stupid is as stupid does, sir”.

Coyote has the right idea:

quote
I understand why the DOD banned the USB devices as an emergency defense move however they can and should do the following moves.
The DOD should instruct their admins to push a script to scan any USB device that connects to the computer to stop any virus. The other thing is to push a script to encrypt any data placed on the USB device.
IT security personnel need to start thinking out of the box.
unquote

What really happened? Here is the poop scoop.
Red Chinese agents/operatives in a coordinated operation from Illinois to Wash DC pulled off a simple attack against human behavior that involved USB Thumbdrives. They took a page from the obnoxiously impolite U3.com Software Bozos. 

How did they do it?
The PLAN obtained thousands of colorful USB Thumbdrives, loaded them with only four targeted malware apps, dropped them in the wee hours of the morning across the parking lots of the Pentagon, State Dept. and many other DoD work places. The federal employees being the dumber than a bag of rocks category, almost to a person picked up those brightly colored fobs, pocketed them with a wonderful ‘I got something for free’ smile and inserted them into their work PC’s. Ooops!!!

The reality zone.
This would not have been a problem except the US Army, Marines and the Navy to a lesser extent are not very good about disabling AutoStart on their desktops. The USAF disabled AutoStart in 2003 as part of their Standard Desktop.
IF the Pentagon are mostly fools… The DOD brass-hats and bottoms must PUNISH ALL for their crimes of stupidity. With a nudge from all of our 3-level military and contractor NetSec/CompuSec Barbie and Ken dolls, we have a public relations fiasco and well deserved derision.
Therefore the ban on all USB Thumbdrives and other types of removable media. Whereas dozens of worse Windows computer security nightmare issues are allowed to languish without resolution or mitigation. My favorite is the must save money at all costs stupidity that permits contracting out key security duties while allowing the contractors to summer hire green carded foreign students and giving them Network/Domain Administrator Privileges when they won’t grant even local-machine Admin. privileges to a long-time Federal Engineer or Scientist with a Top Secret clearance. 

Riddle me this batmen and girls? How does a ban on USB Thumbdrives solve the problem of fools and idiots inserting a foreign-unknown source USB Thumbdrives into government computers? 

My hat is off to the Reds for a successful op. Although at the same time I wish that we could catch them all and hang them… As for all of the Forrest Gumps with stars and chickens on their shoulders at the Pentagon, how much you wanna bet that none of these bricks (as in dumber than) suffer for this fiasco? As for the pallet of bricks at Foggy Bottom, well the name “State Department” is a synonym for “foolish”.

As long as the USG and the DOD remain tied to the security plagued OS (Windows), banning thumb drives is only a band-aid solution.
Windows is a security nightmare and as an IT professional of 25 years I see more and more DOD and USG departments moving to Mac OS.
And it’s high time too.

MacMan — well said, amen. What’s even worse is that they are now going to try and shove Vista down our throats. The only thing saving us from that is the fact that they will have to buy all new PCs again, but they don’t have the funds for that. I’ll take Mac or Linux any day over that POS Microsoft.

Tim, the stakes are so great how can the USG NOT afford to buy all new Apple hardware?
That stuff comes with Mac OS X, which, with a little tweaking, is tamper-proof from inside and outside.
You can take that to the bank!

I have to laugh at all the comments here. This has been good entertainment this morning while I drink my first cup of coffee.

Removable media is a management problem. We (all users) have moved to this state of complacency where we use removable media to be more ‘portable’ as we relocate between various workstations and sites. The issue simply is compliance.

Systems are to be protected by various CND tools with specific configurations. The use of removable media is (was) a decision left to local authority. Local authority is responsible for the implementation of the use of this media. 

Sounds like we got too lazy. Sounds like we did not follow best practices or local policies (if there was one to begin with).

This is what happens when we take CND for granted and get lazy.

David. I don’t think China could put a back door into the hardware they are manufacturing. They do not design any of it. In fact, a lot of the design is done in the US. Also, back doors are usually encoded into software. Not saying it is impossible to have a hardware exploit, but it would be difficult.

Citing Mac OS as an INFOSEC solution is like suggesting front-wheel drive as a solution for traffic fatalities. Favoring designs that keep the user stupid are, indeed, successful in that respect…

Well, what a sensationalist article.

I have been informed by an insider with knowledge of this incident that the event in question was an Army colonel that enjoyed scantily clad women and had a slew of it on a thumb drive with a bit of unknown malware seeded on it as well. Most likely a sample retrieved either via a P2P network or picked up at an adult site. Either way, so what, a worm or code gets on to the SIPRNET, now what? Well, if you knew anything about worms you would know that, one, they propagate usually by scanning for vulnerabilities and then exploiting them. Well, if nodes on the SIPRNET are not patched for Microsoft and other vulnerabilities then shame, shame. Secondly, even if a bunch of machines did get compromised on the SIPR, data-stealing malware HAS TO ACTUALLY EXFIL IT TO SOME LOCATION. Most likely the hard-coded domains/IP addresses in the binary would be unroutable or have no gateway out to the Internet (better not have a gateway). SIPR should be completely physically separate.

Check out this website I came across. This guy has a few interesting ideas on how to prosecute cyber war.

www(.dot)conanthedestroyer(.dot)net
