Hak5 Responsible For The Worst Cyber Attack On The US Military Ever...


VaKo

Not really, but it turns out that USB Hacks were kinda ninja after all. All is forgiven Darren, you were indeed right.

In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.

This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy.

Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially. Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times. And the 2008 intrusion that led to Operation Buckshot Yankee was not the only successful penetration. Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans, and surveillance data.

As the scale of cyberwarfare's threat to U.S. national security and the U.S. economy has come into view, the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military. The Pentagon is now working with the Department of Homeland Security to protect government networks and critical infrastructure and with the United States' closest allies to expand these defenses internationally. An enormous amount of foundational work remains, but the U.S. government has begun putting in place various initiatives to defend the United States in the digital age.

WILLIAM J. LYNN III is U.S. Deputy Secretary of Defense.

A top Pentagon official has confirmed a previously classified incident that he describes as "the most significant breach of U.S. military computers ever," a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.

Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East amounted to "a digital beachhead, from which data could be transferred to servers under foreign control," according to William J. Lynn 3d, deputy secretary of defense, writing in the latest issue of the journal Foreign Affairs.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," Mr. Lynn wrote.

The incident was first reported in November 2008 by the Danger Room blog of Wired magazine, and then in greater detail by The Los Angeles Times, which said that the matter was sufficiently grave that President George W. Bush was briefed on it. The newspaper mentioned suspicions of Russian involvement.

But Mr. Lynn's article was the first official confirmation. He also put a name — Operation Buckshot Yankee — to the Pentagon operation to counter the attack, and said that the episode "marked a turning point in U.S. cyber-defense strategy." In an early step, the Defense Department banned the use of portable flash drives with its computers, though it later modified the ban.

Mr. Lynn described the extraordinary difficulty of protecting military digital communications over a web of 15,000 networks and 7 million computing devices in dozens of countries against far-flung adversaries who, with modest means and a reasonable degree of ingenuity, can inflict outsized damage. Traditional notions of deterrence do not apply.

"A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target," he wrote.

Security officials also face the problem of counterfeit hardware that may have remotely operated "kill switches" or "back doors" built in to allow manipulation from afar, as well as the problem of software with rogue code meant to cause sudden malfunctions.

Against the array of threats, Mr. Lynn said, the National Security Agency had pioneered systems — "part sensor, part sentry, part sharpshooter" — that are meant to automatically counter intrusions in real time.

His article appeared intended partly to raise awareness of the threat to United States cybersecurity — "the frequency and sophistication of intrusions into U.S. military networks have increased exponentially," he wrote — and partly to make the case for a larger Pentagon role in cyberdefense.

Various efforts at cyberdefense by the military have been drawn under a single organization, the U.S. Cyber Command, which began operations in late May at Fort Meade, Maryland, under a four-star general, Keith B. Alexander.

But under proposed legislation, the Department of Homeland Security would take the leading role in the defense of civilian systems.

Though the Cyber Command has greater capabilities, the military operates within the United States only if ordered to do so by the president.

Another concern is whether the Pentagon, or government in general, has the nimbleness for such work. Mr. Lynn acknowledged that "it takes the Pentagon 81 months to make a new computer system operational after it is first funded." By contrast, he noted, "the iPhone was developed in 24 months."

By BRIAN KNOWLTON

Published: August 25, 2010


Can you imagine the knowledge the person or persons who wrote that must have? Information you can't even dream of. I'm sure no standard home computer virus/worm could do something like that to the DoD. That had to be specially written to affect their systems and the way they are designed.


Holy frak. At least they (supposedly) stepped up cybersecurity.

Also: Woot Windows!

I would have thought they would have at least made it so that unauthorized USB devices couldn't be accessed, let alone have autorun enabled.

Edited by Charles

Wintel or not, they can't just be running Norton or something for security. I mean... it's the Department of Defense. You would think that they have their own programmers writing custom apps for them. Our country can't be THAT dumb... can it?


Alas no, today governments are all about COTS (commercial off the shelf):

COTS Policy – Past and Present includes:

  • Former Secretary of Defense William Perry recognized the benefits of dual-use processes and products in 1994. His directive, known as the "Perry memo," outlined the use of performance and commercial specifications over military-unique requirements.
  • The Federal Acquisition Streamlining Act of 1994 (FASA) removed many rigid acquisition regulations and allowed DoD to implement management best practices. FASA reform provisions pertaining to acquisitions include commercial buying practices for COTS and a preference for Commercial Off the Shelf (COTS) and Non-Development Items (NDI).
  • The Clinger-Cohen Act streamlined IT acquisition processes to manage risk and to get the most advantage from incremental acquisitions and COTS products.
  • Federal Acquisition Regulations, Part 12 (FAR): organizations should perform market research to determine whether commercial items or non-developmental items are available that could meet the agency's requirements and should purchase them when they are available.
  • DoD Instruction 5000.2 requires the use of COTS Information Technology solutions to the maximum practical extent.

Gotta love bureaucrats :)


What's weird about you saying this today is that the USDOJ has been lurking on Hak5 this afternoon. I know, because I used to have an image tracker that emails me any time someone visited my Hak5 profile. That was up until Sparda put in his spam filtering or whatever he is working on. What's weird is that they started visiting my profile at around 1:45pm US Eastern time. I removed the image accidentally when editing my profile, but couldn't add it back because of Sparda's changes converting everything to text instead of hyperlinks and images.

At 5pm I was still getting hits on the image even though it's no longer in my profile, which means they are now visiting my website directly or have it cached in their browser. Now all my websites have server logs with the same USDOJ IP address going over pages of my sites. It would seem they are lurking for something.

I posted a little message for them to contact me if they had any questions, and apparently they decided to then visit my Twitter profiles and other websites I have linked to on this site.

I'm just curious, do they blame Hak5 for this issue? As far as I am concerned, it's not any of our faults, or even the creators of the USB hacks themselves. Those devices had the potential for both good and bad use, but to blame switchblades for attacking US targets is like saying guns kill people, then blaming Smith & Wesson for murder. A gun can't pull the trigger by itself. It needs someone to use it, same for the switchblade and any other USB hack.

For all we know some dumb person got an infection at home looking at porn or such that spread to their thumb drive or portable media and then spread it on the military network. Even if it was intentionally launched, you then have to realize that if someone had physical access to insert the USB into their system in the first place, they had access to do much more than just that, I'm sure. So you can't just blame their network or PC security, you have to blame their physical security and procedures as well for not preventing access in the first place, something I think anyone who works in IT security will tell you is a no-no. I don't understand why our government spends money to hack other countries' intelligence, yet they can't even secure their own. The NSA uses BackTrack for surveillance tools and testing, yet we can't even get our own physical locations locked down. Hell, it's probably easier to hack the military than it is to get through baggage claims at the airport.

Edited by digip

I think they have a lot of people and money, so they pay people to browse the internet and produce reports on their browsing sessions.

Forgot to mention: sorry about the disabling of links and images in the 'About Me' section of your profile. Spammers were using it, and because of the way it's implemented it's harder to catch them when they put the spam in 'About Me' than if they use their signature for spamming.


I'm just curious, do they blame Hak5 for this issue? As far as I am concerned, it's not any of our faults, or even the creators of the USB hacks themselves. Those devices had the potential for both good and bad use, but to blame switchblades for attacking US targets is like saying guns kill people, then blaming Smith & Wesson for murder. A gun can't pull the trigger by itself. It needs someone to use it, same for the switchblade and any other USB hack.

The USB switchblade/hacksaw idea was around before Hak5 did a segment on it, but Hak5 took the idea and made it popular, plus there was (is?) a very active development forum here. So an idea went from "it's possible, here is a long boring white paper on the topic" to "it takes 30 seconds, here is a tool you download and a YouTube video on how to use it". There is no indication of how the hack was done, or even if it involved similar techniques to the ones with links to Hak5, but I remember a live Q&A session ages ago where Matt was defending the USB hacks as he was a sysadmin for the Navy (or something similar) and hadn't heard about it before the show demo'd it.

USB sticks are a great hacking tool, and cheap to implement. All you would have to do would be leave one somewhere it would be found (or in Iraq/Afghanistan terms get captured with it on you, or hand it over to a foreign soldier), and 99% of humanity will take it and plug it straight into a computer to see what's on it. If you couple that with a poorly maintained Windows-based system, a heavily networked environment and idiots at the helm, it's very easy to set up remote access, or upload sensitive files. I would encourage any young hacker with a devious mindset to try this, USB sticks are cheap, people are morons and you could recover some interesting data.


NO BAD OKIWAN

/me slaps him on his head with a rolled up newspaper

Still, this does totally suck. Whatever you say about our gov, no matter how stupid or not, they do run the country and it's hard to manage a place this big w/o being China. Then again, we do open our doors to all people unlike some other places so we are more vulnerable; if we didn't we'd be racist and communist(?).


NO BAD OKIWAN

/me slaps him on his head with a rolled up newspaper

Still, this does totally suck. Whatever you say about our gov, no matter how stupid or not, they do run the country and it's hard to manage a place this big w/o being China. Then again, we do open our doors to all people unlike some other places so we are more vulnerable; if we didn't we'd be racist and communist(?).

/puts tail between legs and whimpers.

Ya, it's a lose/lose situation, but only in America. Any other country could regulate and no one would say anything. If we do it, all hell breaks loose.


LOL, Americans moaning about immigration. Always makes me laugh; have you all forgotten about Manifest Destiny? The original Americans, and where your ancestors came from? Your entire nation is based upon immigration as its core tenet. It has nothing to do with communism, a word most Americans seem to have very little idea about.


An interesting thing to try would be to leave a USB stick at a bar or wherever. You could even go to like a bank or something and leave it on the teller's desk. Who knows what could happen. Hmm...

Don't think you're the first one to come up with that idea. Pentesters do it all the time; talks have been given at ShmooCon on it. The human race is the easiest way to break into a computer/network. There are two constants:

1. Use the dock door it's always open

2. Ask the secretary, they know everything

This attack was way beyond a switchblade. The switchblade is defeated by a simple guest account or turning auto-run off.

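The last post names the two host-side controls that defeat a switchblade-style drive: AutoRun off, and restricted access to removable storage. As an added example (not code from the thread, Hak5, or any poster), the PowerShell below audits a Windows host for those settings and can optionally set them. The registry locations are the documented Windows policy keys; the function name `Get-UsbAutorunPosture` and its `-Remediate` switch are this example's own invention.

```powershell
# Added example: audit (and optionally enforce) the Windows settings that
# neutralise an autorun-based USB drive. Run elevated for -Remediate.

function Get-UsbAutorunPosture {
    [CmdletBinding()]
    param([switch]$Remediate)

    $results = @()

    # 1. AutoRun. NoDriveTypeAutoRun is a bitmask of drive types for which
    #    AutoRun is suppressed; 0xFF (255) covers every drive type.
    $explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $autorun = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $autorunOk = ($autorun -eq 0xFF)
    if (-not $autorunOk -and $Remediate) {
        if (-not (Test-Path $explorerPolicy)) { New-Item -Path $explorerPolicy -Force | Out-Null }
        Set-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        $autorunOk = $true
    }
    $results += [pscustomobject]@{
        Check     = 'AutoRun disabled for all drive types (NoDriveTypeAutoRun = 0xFF)'
        Value     = $autorun
        Compliant = $autorunOk
    }

    # 2. USB mass-storage driver. Start = 4 means "disabled", so the USBSTOR
    #    service never loads and no USB disk is mounted. 3 (on demand) is the default.
    $usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $start = (Get-ItemProperty -Path $usbstor -Name Start -ErrorAction SilentlyContinue).Start
    $usbOk = ($start -eq 4)
    if (-not $usbOk -and $Remediate) {
        Set-ItemProperty -Path $usbstor -Name Start -Value 4 -Type DWord
        $usbOk = $true
    }
    $results += [pscustomobject]@{
        Check     = 'USB mass storage driver disabled (USBSTOR Start = 4)'
        Value     = $start
        Compliant = $usbOk
    }

    # 3. Removable-storage policy. The Group Policy "All Removable Storage
    #    classes: Deny all access" writes Deny_All = 1 under this key.
    $rsd = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $denyAll = (Get-ItemProperty -Path $rsd -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    $denyOk = ($denyAll -eq 1)
    if (-not $denyOk -and $Remediate) {
        if (-not (Test-Path $rsd)) { New-Item -Path $rsd -Force | Out-Null }
        Set-ItemProperty -Path $rsd -Name Deny_All -Value 1 -Type DWord
        $denyOk = $true
    }
    $results += [pscustomobject]@{
        Check     = 'Removable storage access denied by policy (Deny_All = 1)'
        Value     = $denyAll
        Compliant = $denyOk
    }

    return $results
}

# Audit only: report each control and whether it is compliant.
Get-UsbAutorunPosture | Format-Table -AutoSize

# Audit and enforce (uncomment; requires an elevated prompt):
# Get-UsbAutorunPosture -Remediate | Format-Table -AutoSize
```

Checks 2 and 3 overlap on purpose: disabling USBSTOR stops the disk from appearing at all, while the Deny_All policy is the centrally managed control that also survives driver re-enablement. A fleet-wide run of the audit form, with the output fed into a ticketing or SIEM pipeline, is the practical way to find the hosts where someone has quietly turned AutoRun back on.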
