An interesting breakdown on the current state of online privacy versus national security.
From the link:
In the wake of revelations that the US military network was compromised in 2008, and that US digital interests are under a relative constant threat of attack, the Pentagon is establishing new cyber security initiatives to protect the Internet. The Pentagon strategy–which is part digital NATO, part digital civil defense, and part Big Brother–may ruffle some feathers and raise concerns that the US Internet is becoming a military police state.
The mission of the United States Department of Defense is to provide military forces needed to deter war and protect the security of the nation. The scope of that mission includes emerging threats and the need to deter cyber war and protect the digital security of the nation as well. To fulfill that mission in an increasingly connected world, and with a rising threat of digital attack, the Pentagon wants to expand its sphere of influence.
This really is a tough issue. Certainly you want the nation to be safe, but at the same time the internet is largely a borderless “pseudo-nation” and clamping down too hard — not unlike the great firewall of China — can stifle much of what makes the net great. No easy answers here, but dramatically increasing the power of the government — particularly the military — over the private sector is not an acceptable solution.
Hacked by a compromised USB thumb drive. Just goes to show you can worry all day about technical threats and software backdoors and plain old network hacking, but all those assets out in the wild — people’s heads with sensitive passwords, unattended laptops, USB drives, et al. — can be hard to lock down and are usually the easiest way into a network.
From the link:
It was a USB drive loaded with malware.
That’s how U.S. defense networks were compromised in 2008, according to U.S Deputy Defense Secretary William Lynn, who today offered the first official confirmation of a data breach that led to restrictions on the use of removable USB drives in the military.
In an article written for Foreign Affairs magazine, Lynn said the breach occurred when a single USB drive containing malicious code was inserted into a laptop computer at a U.S. base in the Middle East. The malware, placed on the drive by a foreign intelligence agency, was uploaded to a network run by the U.S. Central Command.
The malware then spread — undetected — on both classified and unclassified systems, essentially establishing a “digital beachhead” from which data could be transferred to servers outside the U.S, “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Lynn wrote.
Here’s additional coverage of this story.
Update 8/30/10: And even more coverage. Looks like the actual threat was very low-level and involved the W32.SillyFDC worm.
And the modus operandi was mostly going to be a propaganda and sabotage effort to attempt to discredit the organization.
From the link:
In an ironic twist, Wikileaks has now published what appears to be an assessment of the site and the danger is poses to US military confidentiality, apparently from the US Army and Counterintelligence center and dated 18 March 2008.
Most of the report is a measured analysis of the site’s activities, modus operandi, funding and history, which then details numerous documents allegedly leaked to Wikileaks relating to US military activities in Iraq, Afghanistan and beyond that it sees as having handed intelligence to agencies hostile to the US.
Not sure if this is illegal, or not, and certainly there are national security issues with any military leak, but this type of covert action sure feel unAmerican.
Also from the link, here’s the lovely company our military was hoping to join:
A justification for following this course of action is considered to be that other countries have attempted to do the same.
“The governments of China, Israel, North Korea, Russia, Thailand, Zimbabwe, and several other countries have blocked access to Wikileaks.org-type Web sites, claimed they have the right to investigate and prosecute Wikileaks.org and associated whistleblowers, or insisted they remove false, sensitive, or classified government information, propaganda, or malicious content from the Internet,” says the report.
… to all United States armed service members both past and present.
[picapp src=”4/a/4/3/PicImg_Track_and_Field_b660.JPG?adImageId=7346651&imageId=4439921″ width=”500″ height=”348″ /]
Probably a good move given the technology out there. I’m a little surprised we didn’t already have a separate cybercommand in the DoD.
Sources: Pentagon planning new cybercommand AP, April 22, 2009 The Pentagon is planning to create a new military command to focus on cyberspace and protect its computer networks from cyberattacks, U.S. officials said Wednesday.
Keywords:cyberattacks
Read Original Article>>
I’d like to see some domestic reporting on this story, because it would completely rock the US military to think high-ranking officials engaged in this level of criminal activity. A scandal like this this would send shock waves throughout the armed forces and be an image-destroyer and would call into question the entire culture of the US military.
Here is reporting from the Independent in the UK:
In what could turn out to be the greatest fraud in US history, American authorities have started to investigate the alleged role of senior military officers in the misuse of $125bn (£88bn) in a US -directed effort to reconstruct Iraq after the fall of Saddam Hussein. The exact sum missing may never be clear, but a report by the US Special Inspector General for Iraq Reconstruction (SIGIR) suggests it may exceed $50bn, making it an even bigger theft than Bernard Madoff’s notorious Ponzi scheme.
“I believe the real looting of Iraq after the invasion was by US officials and contractors, and not by people from the slums of Baghdad,” said one US businessman active in Iraq since 2003.
In one case, auditors working for SIGIR discovered that $57.8m was sent in “pallet upon pallet of hundred-dollar bills” to the US comptroller for south-central Iraq, Robert J Stein Jr, who had himself photographed standing with the mound of money. He is among the few US officials who were in Iraq to be convicted of fraud and money-laundering.
Despite the vast sums expended on rebuilding by the US since 2003, there have been no cranes visible on the Baghdad skyline except those at work building a new US embassy and others rusting beside a half-built giant mosque that Saddam was constructing when he was overthrown. One of the few visible signs of government work on Baghdad’s infrastructure is a tireless attention to planting palm trees and flowers in the centre strip between main roads. Those are then dug up and replanted a few months later.
(Hat tip: Wes)
David Kirkpatrick 