VaKo Posted August 27, 2010

Not really, but it turns out that USB hacks were kinda ninja after all. All is forgiven Darren, you were indeed right.

In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.

This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy.

Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially. Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times. And the 2008 intrusion that led to Operation Buckshot Yankee was not the only successful penetration. Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans, and surveillance data.

As the scale of cyberwarfare's threat to U.S. national security and the U.S. economy has come into view, the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military. The Pentagon is now working with the Department of Homeland Security to protect government networks and critical infrastructure and with the United States' closest allies to expand these defenses internationally. An enormous amount of foundational work remains, but the U.S. government has begun putting in place various initiatives to defend the United States in the digital age.

WILLIAM J. LYNN III is U.S. Deputy Secretary of Defense.

A top Pentagon official has confirmed a previously classified incident that he describes as "the most significant breach of U.S. military computers ever," a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.

Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East amounted to "a digital beachhead, from which data could be transferred to servers under foreign control," according to William J. Lynn 3d, deputy secretary of defense, writing in the latest issue of the journal Foreign Affairs. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Mr. Lynn wrote.

The incident was first reported in November 2008 by the Danger Room blog of Wired magazine, and then in greater detail by The Los Angeles Times, which said that the matter was sufficiently grave that President George W. Bush was briefed on it. The newspaper mentioned suspicions of Russian involvement. But Mr. Lynn's article was the first official confirmation. He also put a name, Operation Buckshot Yankee, to the Pentagon operation to counter the attack, and said that the episode "marked a turning point in U.S. cyber-defense strategy."

In an early step, the Defense Department banned the use of portable flash drives with its computers, though it later modified the ban.

Mr. Lynn described the extraordinary difficulty of protecting military digital communications over a web of 15,000 networks and 7 million computing devices in dozens of countries against far-flung adversaries who, with modest means and a reasonable degree of ingenuity, can inflict outsized damage. Traditional notions of deterrence do not apply. "A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States's global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target," he wrote.

Security officials also face the problem of counterfeit hardware that may have remotely operated "kill switches" or "back doors" built in to allow manipulation from afar, as well as the problem of software with rogue code meant to cause sudden malfunctions.

Against the array of threats, Mr. Lynn said, the National Security Agency had pioneered systems, "part sensor, part sentry, part sharpshooter," that are meant to automatically counter intrusions in real time.

His article appeared intended partly to raise awareness of the threat to United States cybersecurity ("the frequency and sophistication of intrusions into U.S. military networks have increased exponentially," he wrote) and partly to make the case for a larger Pentagon role in cyberdefense. Various efforts at cyberdefense by the military have been drawn under a single organization, the U.S. Cyber Command, which began operations in late May at Fort Meade, Maryland, under a four-star general, Keith B. Alexander. But under proposed legislation, the Department of Homeland Security would take the leading role in the defense of civilian systems.

Though the Cyber Command has greater capabilities, the military operates within the United States only if ordered to do so by the president. Another concern is whether the Pentagon, or government in general, has the nimbleness for such work. Mr. Lynn acknowledged that "it takes the Pentagon 81 months to make a new computer system operational after it is first funded." By contrast, he noted, "the iPhone was developed in 24 months."

By BRIAN KNOWLTON Published: August 25, 2010
Sparda Posted August 27, 2010

. ...
VaKo Posted August 27, 2010

... Yeah, for some reason I can only use quick edit to post.
okiwan Posted August 27, 2010

Can you imagine the knowledge the person or persons who wrote that must have? Information you can't even dream of. I'm sure no standard home computer virus/worm could do something like that to the DoD. That had to be specially written to affect their systems and the way they are designed.
VaKo Posted August 27, 2010

Nah, the DoD is all Wintel.
Charles Posted August 27, 2010

Holy frak. At least they (supposedly) stepped up cybersecurity. Also: Woot Windows! I would have thought they would have at least made it so that unauthorized USB devices couldn't be accessed, let alone have autorun enabled.
okiwan Posted August 27, 2010

Wintel or not, they can't be just running like Norton or something for security. I mean... it's the Department of Defense. You would think that they have their own programmers writing custom apps for them. Our country can't be THAT dumb... can it?
VaKo Posted August 27, 2010

Alas no, today governments are all about COTS (commercial off the shelf):

COTS Policy – Past and Present include:

- Former Secretary of Defense William Perry recognized the benefits of dual use processes and products in 1994. His directive, known as the "Perry memo," outlined the use of performance and commercial specifications over military unique requirements.
- The Federal Acquisition Streamlining Act of 1994 (FASA) removed many rigid acquisition regulations and allowed DoD to implement management best practices. FASA reform provisions pertaining to acquisitions include: commercial buying practices for COTS and preference for Commercial Off the Shelf (COTS) and Non-Development Items (NDI).
- The Clinger-Cohen Act streamlined IT acquisition processes to manage risk and to get the most advantage from incremental acquisitions and COTS products.
- Federal Acquisition Regulations, Part 12 (FAR): organizations should perform market research to determine whether commercial items or non-developmental items are available that could meet the agency's requirements and should purchase them when they are available.
- DoD Instruction 5000.2 requires the use of COTS Information Technology solutions to the maximum practical extent.

Gotta love bureaucrats :)
okiwan Posted August 27, 2010

That's just sad. And they're going to be surprised when China or North Korea hacks them... again.
Sparda Posted August 27, 2010

> Yeah, for some reason I can only use quick edit to post.

Seriously
VaKo Posted August 27, 2010

Yeah, my Firefox profile has been carried over from the 0.x version days...
digip Posted August 27, 2010

What's weird that you say this today is the USDOJ has been lurking on Hak5 this afternoon. I know, because I used to have an image tracker that emails me any time someone visited my Hak5 profile. That was up until Sparda put in his SPAM filtering or whatever he is working on. What's weird, they started visiting my profile at around 1:45pm US Eastern time. I removed the image accidentally when editing my profile, but couldn't add it back because of Sparda's changes converting everything to text instead of hyperlinks and images. At 5pm I was still getting hits on the image even though it's no longer in my profile, which means they are now visiting my website directly or have it cached in their browser. Now all my websites have server logs with the same USDOJ IP address going over pages of my sites. It would seem they are lurking for something. I posted a little message for them to contact me if they had any questions, and apparently they decided to then visit my Twitter profiles and other websites I have linked to on this site.

I'm just curious, do they blame Hak5 for this issue? As far as I am concerned, it's not any of our faults, or even the creators of the USB hacks themselves. Those devices had the potential for both good and bad use, but to blame switchblades for attacking US targets is like saying guns kill people, then blaming Smith & Wesson for murder. A gun can't pull the trigger by itself. It needs someone to use it, same for the switchblade and any other USB hack. For all we know some dumb person got an infection at home looking at porn or such that spread to their thumb drive or portable media and then spread it on the military network. Even if it was intentionally launched, you then have to realize that if someone had physical access to insert the USB within their system in the first place, they had access to do much more than just that, I'm sure.

So you can't just blame their network or PC security, you have to blame their physical security and procedures as well for not preventing access in the first place, something I think anyone who works in IT security will tell you is a no-no. I don't understand why our government spends money to hack other countries' intelligence, yet they can't even secure their own. The NSA uses BackTrack for surveillance tools and testing, yet we can't even get our own physical locations locked down. Hell, it's probably easier to hack the military than it is to get through baggage claims at the airport.
Sparda Posted August 27, 2010

I think they have a lot of people and money, so they pay people to browse the internet and produce reports on their browsing sessions.

Forgot to mention: Sorry about the disabling of links and images in the 'About Me' section of your profile. Spammers were using it, and because of the way it's implemented it's harder to catch them when they put the spam in 'About Me' than if they use their signature for spamming.
okiwan Posted August 27, 2010

Maybe it's like one of the red flag words. Like if certain words come up or certain searches etc. We have a thread here with a not so nice title, then searches were made to find out what kind of systems the DoD is using and whatnot.
cabster21 Posted August 27, 2010

Gary McKinnon was in the Middle East? Joke. You'd be surprised at some of the sites they visit. I know intern0t gets a few visits and it's not like there is much on there. Who knows.
okiwan Posted August 30, 2010

http://www.hackernews.com/2010/08/29/hnncast-2010-08-27/

LMAO, watch this. Makes them look even worse. The worm was created 3 years ago, and it took them 14 months to get rid of it!
VaKo Posted August 30, 2010

> I'm just curious, do they blame Hak5 for this issue? As far as I am concerned, it's not any of our faults, or even the creators of the USB hacks themselves. Those devices had the potential for both good and bad use, but to blame switch-blades for attacking US targets is like saying guns kill people, then blaming Smith & Wesson for murder. A gun can't pull the trigger by itself. It needs someone to use it, same for the switchblade and any other USB hack.

The USB switchblade/hacksaw idea was around before Hak5 did a segment on it, but Hak5 took the idea and made it popular, plus there was (is?) a very active development forum here. So an idea went from "it's possible, here is a long boring white paper on the topic" to "it takes 30 seconds, here is a tool you download and a YouTube video on how to use it". There is no indication of how the hack was done, or even if it involved similar techniques to the ones with links to Hak5, but I remember a live Q&A session ages ago where Matt was defending the USB hacks as he was a sysadmin for the Navy (or something similar) and hadn't heard about it before the show demo'd it.

USB sticks are a great hacking tool, and cheap to implement. All you would have to do would be leave one somewhere it would be found (or in Iraq/Afghanistan terms get captured with it on you, or hand it over to a foreign soldier), and 99% of humanity will take it and plug it straight into a computer to see what's on it. If you couple that with a poorly maintained Windows based system, heavily networked environment and idiots at the helm, it's very easy to set up remote access, or upload sensitive files. I would encourage any young hacker with a devious mindset to try this, USB sticks are cheap, people are morons and you could recover some interesting data.
okiwan Posted August 30, 2010

An interesting thing to try would be to leave a USB stick at a bar or wherever. You could even go to like a bank or something and leave it on the teller's desk. Who knows what could happen. Hmm...
gcninja Posted August 30, 2010

NO BAD OKIWAN /me slaps him on his head with a rolled up newspaper

Still, this does totally suck. Whatever you say about our gov, no matter how stupid or not, they do run the country and it's hard to manage a place this big w/o being China. Then again, we do open our doors to all people unlike some other places so we are more vulnerable; if we didn't we'd be racist and communist(?).
okiwan Posted August 30, 2010

> NO BAD OKIWAN /me slaps him on his head with a rolled up newspaper
>
> Still, this does totally suck. Whatever you say about our gov, no matter how stupid or not, they do run the country and it's hard to manage a place this big w/o being China. Then again, we do open our doors to all people unlike some other places so we are more vulnerable; if we didn't we'd be racist and communist(?).

/puts tail between legs and whimpers. Ya, it's a lose/lose situation. But only in America. Any other country could regulate and no one would say anything. If we do it, all hell breaks loose.
VaKo Posted August 30, 2010

LOL, Americans moaning about immigration. Always makes me laugh, have you all forgotten about Manifest Destiny? The original Americans, and where your ancestors came from? Your entire nation is based upon immigration as its core tenet. It has nothing to do with communism, a word most Americans seem to have very little idea about.
beakmyn Posted August 31, 2010

> An interesting thing to try would be to leave a USB stick at a bar or wherever. You could even go to like a bank or something and leave it on the teller's desk. Who knows what could happen. Hmm...

Don't think you're the first one to come up with that idea. Pentesters do it all the time; talks have been given at Shmoocon on it. The human race is the easiest way to break into a computer/network. There are 2 constants:

1. Use the dock door, it's always open
2. Ask the secretary, they know everything

This attack was way beyond a switchblade. The switchblade is defeated by a simple guest account or turning auto-run off.
okiwan Posted August 31, 2010

I never said I thought I was the first to come up with that idea. Just 'cause I thought of the idea doesn't mean I think I was the first out of the 6 billion people in the world to think of it.