Free Republic
When things go wrong keep it quiet? What the hell were these people thinking?
coachisright.com ^ | OCTOBER 15TH, 2011 | Jim Emerson, staff writer

Posted on 10/15/2011 9:36:58 AM PDT by jmaroneps37

For the last two weeks Air Force computer specialists have been battling a computer infection of ground-based computers that control drones operating over the Mideast. The administration specialists at Creech AFB, Nevada wanted to keep the incident quiet till they could eliminate the virus by themselves.

Instead of asking for help the command was overwhelmed by a virus that couldn’t be easily removed. Because of the time wasted it may take a while before the extent of the infection is known and what systems have been compromised.

Keylogger

The virus affecting the ground stations was a “keylogger” virus. A keylogger is an almost unnoticeable spyware that monitors keystrokes and control clicks and sends the information to an external host computer. This virus had been found on several unclassified and classified computers. As of this time investigating officials haven’t determined how the virus was introduced into the network. Because of the time wasted in trying to remove the infection the so-called smoking gun will be difficult to discover.

The keylogger virus on the Creech computers is most likely a kernel-based or rootkit-based virus, which are the most sophisticated and the most difficult to remove. The virus was most likely delivered by a Trojan that is behaving as a benign file.

To date it is not known if the virus has damaged any systems or transmitted recorded keystrokes to an external host. Such an attack should have been reported to the 24th Air Force, Cyber Command, but it wasn’t. The Air Force needs to know that one of its vital systems has been compromised.

How did Cyber Security know?

The Air Force’s cyber security specialists were surprised ……. learned about the virus infection in the pages of Wired.com.

The Air Force’s cyber command had to admit……

(Excerpt) Read more at coachisright.com ...


TOPICS: Government; Military/Veterans; Science
KEYWORDS: cyberattacks
Didn't we just suffer the loss of two war fighters KIA because of this virus? Why did these people think they should/could fix this by themselves? The incompetence makes you want to scream.
1 posted on 10/15/2011 9:37:02 AM PDT by jmaroneps37

To: jmaroneps37

Looks like the virus got onto the system through USB drives. Its attempts to notify an external system will be in vain; however, it is a lousy security design to assume that no external media will ever be introduced to the system. That’s how viruses worked in the early days, although through diskettes rather than our modern USB drives.


2 posted on 10/15/2011 9:43:06 AM PDT by HiTech RedNeck (There's gonna be a Redneck Revolution! (See my freep page) [rednecks come in many colors])

To: jmaroneps37
Military weapons systems should not be using Windoze.

Period.

3 posted on 10/15/2011 9:44:10 AM PDT by E. Pluribus Unum ("Government does not solve problems; it subsidizes them." --Ronald Reagan)

To: jmaroneps37
Didn't we just suffer the loss of two war fighters KIA because of this virus?

I haven't heard about this. More info please.

4 posted on 10/15/2011 9:47:30 AM PDT by Doe Eyes

To: E. Pluribus Unum

Computer systems that should NEVER, EVER, be Microsoft Windows based:
DoD
Homeland Security
Department of Energy
National Power Grid


5 posted on 10/15/2011 9:50:40 AM PDT by Bryan24 (When in doubt, move to the right..........)

To: Bryan24
Computer systems that should NEVER, EVER, be Microsoft Windows based:
DoD
Homeland Security
Department of Energy
National Power Grid

...or anything else!

Cheers!

7 posted on 10/15/2011 10:07:35 AM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)

To: Doe Eyes
That statement is not correct. The blue on blue incident was due to human error, not this virus.

The command in question had been treating the symptom (removing the virus) without finding the cause (a specific infected drive used to bring data from another base.)

8 posted on 10/15/2011 10:08:29 AM PDT by USNBandit (sarcasm engaged at all times)

To: jmaroneps37

So we gave in to Bradley Manning’s agenda, but we learned nothing from his crimes. Great job, bureaucrats.


9 posted on 10/15/2011 10:21:52 AM PDT by wideawake

To: USNBandit
http://www.latimes.com/news/nationworld/world/afghanistan/la-fg-pentagon-drone-20111014,0,5628010.story

This is what I was referring to. Sorry, my mistake.

10 posted on 10/15/2011 10:24:29 AM PDT by jmaroneps37 (Conservatism is truth. Liberalism is lies.)

To: Bryan24
Windows XP is extremely prevalent in command and control computers, from the Aegis systems to even the rides at Disneyland. Tens of millions of systems which perform critical real time command and control where people are at risk at any moment, and all at risk of being infiltrated by a virus.

Disneyland provides the model for the military in this - each command system has physically taped to the computer a set of restoration discs to return the system to certified state in case of malfunction or infection. If there is a concern, the system is restored from those discs, and if there is a hardware failure, those discs can restore the image to another computer for immediate repairs.

The certification of classified machines is the problem here. A computer restored from backups must be re-certified before it can hold classified information again. Whereas an image of that machine at time of certification, as well as restoration of secure documents from the server, means that downtime in the event of an intrusion such as a virus can be mere hours rather than weeks.

And it would take very little to secure these machines against USB intrusions. A change in government procurement to require machines certified for government service to include a small cut out in the USB connectors so that a physical lock can be installed on all USB connections that are unused, and a further requisition for keyboards and mice that physically lock into place would nail down a lot of these problems. File transfers to USB dongles could be accomplished through a read only host server and prevent these USB devices from ever mounting as system discs.

Any time a system puts barriers in to prevent local and swift correction of problems, they open the door for a breakdown in the secure system itself. A buck's worth of backup DVDs could have restored these systems, and cheap locks on USB ports could have prevented the intrusion in the first place.

11 posted on 10/15/2011 10:30:28 AM PDT by kingu (Everything starts with slashing the size and scope of the federal government.)

To: jmaroneps37

Weld up the USB ports, cut off the antennas and make the network closed.


12 posted on 10/15/2011 10:33:19 AM PDT by Paladin2

To: kingu

Swappable HDs would make the restore only a matter of a few minutes.


13 posted on 10/15/2011 10:36:12 AM PDT by Paladin2

To: jmaroneps37
The key logger in question was evidently a virus targeting online poker play. It was looking for usernames and passwords. Unfortunately, some user must have plugged that portable drive into a computer it wasn't supposed to get plugged into.

DOD has been hit numerous times during this war due to the activities of its users. This is an example of a user using a storage device for classified and unclassified data, a huge no-no.

One solution would be mobile storage that will only work between client computers and won't connect on those without client software. Another would be a drive that logs the MAC addresses it is plugged into, but that would require auditing.

14 posted on 10/15/2011 11:02:13 AM PDT by USNBandit (sarcasm engaged at all times)
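
The auditing that posts 8 and 14 point to (finding the specific drive behind the reinfections, and catching media used on both classified and unclassified machines) can be sketched as below. This is an added example, not part of the original thread; the log format, host names and drive serials are constructed for illustration and assume each host records removable-media insertions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data): time, host, enclave, drive serial.
SAMPLE_LOG = """\
2011-09-20T08:02:11 unclass-ws-07 UNCLASSIFIED DRV-A1
2011-09-20T09:40:03 gcs-01 CLASSIFIED DRV-B2
2011-09-21T07:15:44 gcs-01 CLASSIFIED DRV-A1
2011-09-21T11:30:09 gcs-02 CLASSIFIED DRV-A1
2011-09-22T10:05:51 gcs-03 CLASSIFIED DRV-C3
2011-09-23T06:48:20 unclass-ws-07 UNCLASSIFIED DRV-A1
2011-09-23T13:12:37 gcs-03 CLASSIFIED DRV-A1
"""

def parse(log_text):
    """Return insertion events sorted by time; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)

def cross_enclave_drives(events):
    """Map each drive seen in more than one enclave to its first crossing event."""
    first_enclave, crossings = {}, {}
    for ts, host, enclave, drive in events:
        home = first_enclave.setdefault(drive, enclave)
        if enclave != home and drive not in crossings:
            crossings[drive] = (ts, host, enclave)
    return crossings

def rank_suspect_drives(events, infected_hosts):
    """Rank drives by how many infected hosts they were plugged into."""
    touched = defaultdict(set)
    for _, host, _, drive in events:
        if host in infected_hosts:
            touched[drive].add(host)
    return sorted(((d, sorted(h)) for d, h in touched.items()),
                  key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(cross_enclave_drives(ev))
    print(rank_suspect_drives(ev, {"gcs-01", "gcs-02", "gcs-03"}))
```

A drive that tops the ranking and also appears in the crossing map is the first one to pull for imaging before any further cleanup of the hosts.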

To: jmaroneps37
Didn't we just suffer the loss of two war fighters KIA because of this virus?

When? Do you have details?

15 posted on 10/15/2011 11:14:21 AM PDT by TankerKC (One of the lessons of 9-11 was that evil is real...and so is courage. -George W. Bush 9-11-11)

To: jmaroneps37
Didn't we just suffer the loss of two war fighters KIA because of this virus?

A Marine and a Navy medic killed by a U.S. drone airstrike were targeted when Marine commanders in Afghanistan mistook them for Taliban fighters, even though analysts watching the Predator's video feed were uncertain whether the men were part of an enemy force.

You're a damned liar.

16 posted on 10/15/2011 11:17:09 AM PDT by TankerKC (One of the lessons of 9-11 was that evil is real...and so is courage. -George W. Bush 9-11-11)

To: Paladin2
Weld up the USB ports, cut off the antennas and make the network closed.

I'll bet it came in via sneaker-net.

17 posted on 10/15/2011 11:27:23 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)

To: jmaroneps37

I don’t get how a classified computer can be connected to the outside world. It wasn’t allowed when I was working in a SCIF in the Air Force (1993-95 timeframe).


18 posted on 10/15/2011 11:28:23 AM PDT by hattend (If I wanted you dead, you'd be dead. - Cameron Connor)

To: AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; ColdOne; Convert from ECUSA; ...

Dangerously incompetent:
"Nonsense! My plans are working perfectly!"

21 posted on 10/15/2011 12:10:34 PM PDT by SunkenCiv (It's never a bad time to FReep this link -- https://secure.freerepublic.com/donate/)