Skip to comments.'Pentagon's computer network was breached by foreign power' (most serious breach ever)
Posted on 08/25/2010 8:55:41 PM PDT by VRWCTexan
A foreign spy agency pulled off the most serious breach of Pentagon computer networks ever by inserting a flash drive into a U.S. military laptop, a top defense official said Wednesday.
(Excerpt) Read more at jpost.com ...
you mean the Obama’s were allowed on a pentagon laptop ?
Can’t link to the site.
However, if the story is true, somebody left the “GATES” open, eh Secretary?
The military had a ban on flash drives for several months then lifted it because they installed patches.
This could be old news recycled, or the patch/protocols didn’t work.
JP is in overload - another story here:
If it’s “recycled” I must have missed it the first time...?
The story said it happened in 2008.
Yes - but it also says “The previously classified incident”.....
...sorry if this is all Somehow OLD news to everyone on FR
Personally I do not recall seeing it reported
Pentagon is now infested with Muslims and Muslim Brotherhood agenst and moles.
I was not talking to you, I was responding to DBrow, who said it might be old news recycled. If people would take time out of their busy schedules to ACTUALLY READ THE ARTICLE it might be easier to have these conversations. The article says the lapse happened in 2008, but now they are allowing limited use of flash drives again. I don’t remember seeing the story before, either.
And this is the outfit (U.S. Government) that some people are willing to trust to manage and control their healthcare? They obviously have a death wish!
The link didn’t work for me.
OK, it’s an old story. If you went to do a presentation to the military, and had your nifty animated presentation in color animated Powerpoint on a flash drive, you could not connect it to the military’s computer, no way. Not flash, SD, CF, MiniSd, or whatever. CD, DVD was OK. Using your own computer connected to the projector was OK if you could get your computer on base and into the scif.
This went on for quite a while. GPIA, but if you knew, you burned to disc if your material was small enough.
Flash drives are OK now in limited cases because they fixed it. The rules vary by location. Personally I try to use my own computer rather than risk sticking my flash in someone’s port. That port has all the viruses of everyone who’s jacked into that port- wait, where have I heard that before?
The reason was a breach, probably described in the article I can’t read. It could spread by flash drive, too, and the commercial world has not responded fully yet.
Many major corporations are in the process of cracking down on flash drives. Drives so big now that they can hold a complete operating system, and who knows what programs. You can now easily swallow 16 GB.
That is true, and I could never understand the rationale behind the initial ban, which applied to flash drives, but not other media such as CDs, DVDs and portable USB drives. I suppose if someone had taken the data by printing it out on paper they would have banned paper, simply as an earnest of their desire to "fix" the problem. And all of this applied to the unsecured portion of the military network, where classified information is not supposed to be stored or transmitted.
Apparent related story April 2009? - reporting multiple security breaches (as a result of the initial 2008 breach?)
This article pins it on the Chicoms
Attacks like these — or U.S. awareness of them — appear to have escalated in the past six months, said one former official briefed on the matter. “There’s never been anything like it,” this person said, adding that other military and civilian agencies as well as private companies are affected. “It’s everything that keeps this country going.”
Aug 25, 2010
Deputy Defense Secretary William Lynn III, in an article to be published by the journal Foreign Affairs, writes that a flash drive inserted into a laptop on a military post in the Middle East in 2008 caused the most significant breach of military computers.
Malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. Central Command, according to the article.
“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn says in the article, as quoted by the Washington Post. “
My first thought...where was Hussein?
It included USB drives and card readers. Not discs, as you pointed out.
Aug 25, 2010
Lynn’s decision to declassify an incident that Defense officials had kept secret reflects the Pentagon’s desire to raise congressional and public concern....
I think this is an old story,,,
I never read where the flash drive came from though,,,
Did somebody swap out a clean one for one with a Kootie ?...
What is NEW is now linked in Post No. 15
The Pentagon has decided just today to “come clean” and declassify the story as to when and how there have been multiple serious national security breaches spanning since 2008
Also see link in Post 13
Correction see link in Post 16
A bit pricey, but this one is nice!!!
Perhaps this incident is related to the wikileaks.
Reports like this confirm my misgivings in govt, and the bureaucrats who are supposed to serve and protect our nation, and us.
This is a byproduct of equal opportunity for muslims. Where muslims are given preference in govt positions in order to demonstrate to other muslim worlds how tolerant America is.
Apparently after 911, some of our illustrious bureaucrats determined we should seek to befriend muslims, as a strategy to discourage them from murdering us. So they hired them to work in sensitive areas.
“And now, you know the rest of the story.”
NATO still allows them under some painful use requirements, but it's still better than the standard Army response that is less about solving the problem than it is bludgeoning the problem to death with a blunt instrument.
“no USB thumb drives have been allowed on government computers.”
Thanks. And rest assured, our sensitive documents are safe. Anyone who has ever tread to the dmv to waste a few hours, just so they can acquire permission to drive their car, can attest to this.
When the Boss (Obama) doesn’t care about protecting America, neither do the employees.
Two intriguing points:
1) A simultaneous attack was performed on the Department of Justice. See http://spectrum.ieee.org/riskfactor/computing/it/thumb_drive_security_peril_at ...this raises the specter that other attacks were occurring at the time and have not been reported. Or, detected [cue ominous music].
2) Shortly after these attacks, China banned Windows from critical government and military computers, moving instead to a version of FreeBSD Unix (familiar as the underpinnings of Mac OS X). http://www.h-online.com/security/China-installs-a-secure-operating-system-on-all-military-PCs—/news/113298
NOTE The following text is a quote:
Lynn Outlines Cyber Threats, Defensive Measures
By Lisa Daniel
American Forces Press Service
WASHINGTON, Aug. 25, 2010 An infected flash drive inserted into a Defense Department computer in 2008 caused a significant compromise of the departments classified computer networks and was a wake-up call for Pentagon officials to expedite cyber defense measures, the deputy secretary of defense revealed in a new magazine article.
The previously classified incident caused the most significant breach ever to U.S. military computers, William J. Lynn III wrote for an article appearing in the September/October issue of Foreign Affairs magazine.
Titled Defending a New Domain, the article outlines the evolution of computer network threats and measures the department has put into place to deal with them. The frequency and sophistication of intrusions into U.S. military networks have increased exponentially in the past 10 years, Lynn wrote. They now are probed thousands of times and scanned millions of times, every day, he added.
Sometimes the adversaries are successful, Lynn said, and they have acquired thousands of files from Defense Department networks and those of the Pentagons industry partners and U.S. allies, including weapons blueprints, operational plans and surveillance data.
To counter the threat, the Pentagon has built layered and robust defenses around military networks and created the new U.S. Cyber Command to integrate processes, Lynn said. Department officials are working with their counterparts at the Homeland Security Department, which has jurisdiction over the dot-com and dot-gov domains, to protect the networks.
The Defense Department has 15,000 networks and 7 million computing devices in use in dozens of countries, with 90,000 people working to maintain them, Lynn said, and it depends heavily on commercial industry for its network operations.
Information technology enables almost everything the U.S. military does, Lynn wrote, from logistical support and command and control to real-time intelligence and remote operations. Any future conflict will include cybersecurity, he has said.
In his article, Lynn outlines five pillars of the departments emerging cybersecurity policy:
— Cyber must be recognized as a warfare domain equal to land, sea, and air;
— Any defensive posture must go beyond good hygiene to include sophisticated and accurate operations that allow rapid response;
— Cyber defenses must reach beyond the departments dot-mil world into commercial networks, as governed by Homeland Security;
— Cyber defenses must be pursued with international allies for an effective shared warning of threats; and
— The Defense Department must help to maintain and leverage U.S. technological dominance and improve the acquisitions process to keep up with the speed and agility of the information technology industry.
Pentagon officials are developing a cyber strategy document to be released in the fall. It will address, among other things, any statutory changes needed for cyber defense, and the capability for automated defenses, such as the ability block malware at top speed, Lynn has said.
William J. Lynn III
Foreign Affairs Magazine Article
Special Report: Cybersecurity
The Cyber Warfare Center was going to be at Barksdale,AFB
down the road from me,,,
We got the Global Strike Command instead since the nukes
were already here,,,and the B-52’s,,,
Somebody dropped the ball on this one,,,
The CWC’s job was to prevent this “hacking” and to trace
the source and to Cyber Bomb it...
This story happens every week!
Let me guess the country name begins with C and ends with A.
Am I close?
beat ya by 20 seconds!
You did! Because I had to chzeckz teh spelling.
I haven't heard the ban was lifted.
“Do you want to play a game?”
It is an extremely serious breach of security to acknowledge a breach of security.
Every security officer knows this. There is absolutely no point in doing so.
my rather depressing view on this is that if there is ever a hot conflict developing with china, they are going to demonstrate the ability to turn out the lights in the US (and who knows what stuff within our own govt cybernetworks), as well as do who knows what to our financial markets, etc.
reflects the Pentagons desire to raise congressional and public concern....””
And to possibly justify changes to the civilian nets.
on vacation .... and couldn’t be reach for comment.
Under normal circumstances, if a "breach of security" like this one was discovered, it would never be acknowledged as long as it could be turned around and used to supply disinformation.
While the enemy would know that they’d got inside your system, they’d never know that they were “cleanly” in or whether you’d let them in.
Ah the base that lost the nukes. Now that is comforting.
Or, more importantly, WHEN you discovered the “breach”. If the enemy doesn’t know when you discovered a breach, they have no way of knowing when the disinformation began. This renders EVERYTHING they may have stolen useless.
Another bullseye, LH.
To acknowledge a breach to the public is to let the enemy know they actually got in. If you don’t acknowledge, then they have to wonder, even if they’re fair sure they did.
And, sadly, iirc, the congress made it illegal for the military to release misinformation/disinformation to the public. That would mean, technically, that if they admitted to a breach to the public, then they’d have to be, by law, telling the truth.
Is it just me, or does our current government have its head up its ass?