Sunday, November 30, 2008

DOD Targeted by Widespread Malware

Via LATimes -

The 'malware' strike, thought to be from inside Russia, hit combat zone computers and the U.S. Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare.

Reporting from Washington -- Senior military leaders took the exceptional step of briefing President Bush this week on a severe and widespread electronic attack on Defense Department computers that may have originated in Russia -- an incursion that posed unusual concern among commanders and raised potential implications for national security.

Defense officials would not describe the extent of damage inflicted on military networks. But they said that the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones. The attack also penetrated at least one highly protected classified network.

Military computers are regularly beset by outside hackers, computer viruses and worms. But defense officials said the most recent attack involved an intrusive piece of malicious software, or "malware," apparently designed specifically to target military networks.

"This one was significant; this one got our attention," said one defense official, speaking on condition of anonymity when discussing internal assessments.

Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary.

Bush was briefed on the threat by Navy Adm. Michael G. Mullen, chairman of the Joint Chiefs of Staff. Mullen also briefed Defense Secretary Robert M. Gates.

[...]

The first indication that the Pentagon was dealing with a computer problem came last week, when officials banned the use of external computer flash drives. At the time, officials did not indicate the extent of the attack or the fact that it may have targeted defense systems or posed national security concerns.

The invasive software, known as agent.btz, has circulated among nongovernmental U.S. computers for months. But only recently has it affected the Pentagon's networks. It is not clear whether the version responsible for the cyber-intrusion of classified networks is the same as the one affecting other computer systems.

The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the drives.

Defense officials acknowledged that the worldwide ban on external drives was a drastic move. Flash drives are used constantly in Iraq and Afghanistan, and many officers keep them loaded with crucial information on lanyards around their necks.

Banning their use made sharing information in the war theaters more difficult and reflected the severity of the intrusion and the threat from agent.btz, a second official said.

Officials would not describe the exact threat from agent.btz, or say whether it could shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.

In response to the attack, the U.S. Strategic Command, which oversees the military's cyberspace defenses, has raised the security level for its so-called information operations condition, or "INFOCON," initiating enhanced security measures on military networks.

[...]

On Tuesday, Gen. Norton A. Schwartz, Air Force chief of staff, received a specialized briefing about the malware attack. Officers from the Air Force Network Operations Center at Barksdale Air Force Base in Louisiana outlined their efforts to halt the spread of the malware and to protect military computers from further attack.

Schwartz, praising those efforts, said that the attack and the military's response were being closely monitored by senior military leaders.

The offending program has been cleansed from a number of military networks. But officials said they did not believe they had removed every bit of infection from all Defense Department computers.

"There are lots of people working hard to remove the threat and put in preventive measures to protect the grid," said the defense official. "We have taken a number of corrective measures, but I would be overstating it if I said we were through this."


----------------------------

Some media outlets are reporting malware connected to China being discovered on the DoD networks.

It is important to remember that most of the general Internet malware is commonly traced and found to have either Russia or Chinese roots....so it is possible that the DoD is fighting common (non-targeted) infections....just like the rest of the corporate world.

Without more public information...it is hard to tell determine if this is a targeted attack or just a piece of common everyday malware that found a foothold and spread uncontrolled (due to bad security policy and practies)...the public may never know.

No comments:

Post a Comment