Posted on Aug 7, 2015
GySgt Wayne A. Ekblad
U.S. military officials said Thursday that they suspect Russian hackers infiltrated an unclassified Pentagon e-mail system used by employees of the Joint Chiefs of Staff, the latest in a series of state-sponsored attacks on sensitive U.S. government computer networks.

The electronic intrusion was detected about July 25, officials said. The Pentagon immediately disabled the e-mail system, which is used by about 4,000 military and civilian personnel, in an attempt to contain the damage. The network remains offline, although officials said they hoped to restart it in the coming days.

The Defense Department disclosed the attack shortly after it occurred, but only in recent days have investigators traced it to Russia. Officials said the complexity and advanced nature of the hack strongly suggested that a foreign government was responsible.

“This attack was fairly sophisticated and has the indications . . . of having come from a state actor such as Russia,” said a U.S. official who spoke on the condition of anonymity to discuss details of the investigation.

The cyberattack on the Joint Staff, which coordinates operations among the branches of the armed forces, is similar to one last fall that successfully penetrated unclassified e-mail systems at the White House and the State Department. In that case, U.S. officials said the trail also led to hackers thought to be working for the Russian government.

Even so, officials cautioned that it is difficult to pinpoint the origin or perpetrator of such hacks. “Attribution in this business is near impossible. Rarely are you ever able to say with 100 percent certainty” who was behind a particular incident, the official said.

The incident follows several other, more destructive cyberattacks on U.S. government networks, including devastating breaches of databases maintained by the Office of Personnel Management. U.S. officials believe hackers working for the Chinese government were responsible for those, which exposed sensitive information about more than 22 million people.

Responding to the spate of attacks, officials in Washington have said they were working to bolster the security of computer systems across the federal government. The disclosure of a successful breach of a Pentagon e-mail network, however, is likely to generate new scrutiny from Congress on the reliability of Washington’s cyberdefenses.

Read more at ...

https://www.washingtonpost.com/world/national-security/us-suspects-russia-in-hack-of-pentagon-computer-network/2015/08/06/b80e1644-3c7a-11e5-9c2d-ed991d848c48_story.html?hpid=z15

====================================================
Edited 9 y ago
Responses: 26
COL Vincent Stoneking
As a former computer geek, because hacking isn't terribly hard and network security is. The hacker only has to get it right once. The defender has to get it right every single time.

If a hacker has a 1% success rate, he is a successful hacker. If a cyberdefender has a 99% success rate, he sucks and the hacker wins.

Additionally, there are so many vectors to attack, that it is really difficult to think of the defense as one holistic thing - though it needs to be. You have all 7 layers of the IT stack to deal with as well as the human element, as well as physical security of devices and authentication mechanisms (CAC Cards, RSA dongles, etc.).
LTC Stephen F.
As long as the cyber-security breaks are limited to NIPR and below nets, I am not very concerned GySgt Wayne A. Ekblad. I wouldn't be too surprised if long after we are all dead, the truth about these "cyber breaches," red teams, deliberate leaks, who and what is behind the varied "attacks" is released to a bored public :-)
I really wonder how many of the announced leaks are really breaches versus some type of red team system test. If I really knew the answer I couldn't discuss it :-)
I am sure my friend CW5 (Join to see) also would have no comment :-)
CW5 Desk Officer
CW5 (Join to see)
9 y
No comment, sir. :-) except to say that the adversary can get valuable information from NIPRNet as well. Not classified, but potentially sensitive. That's what OPSEC is all about.

I hope we're doing better in the cyber realm than what we hear in the news.
LTC Stephen F.
9 y
CW5 (Join to see) I certainly concur with your hope that "we" are "doing better in the cyber realm than what we hear in the news."
I was trained long ago not to reveal anything in the NIPR net that would be embarrassing to see in a news report on the nightly news [that dates me] :-)
Maj Kevin "Mac" McLaughlin
>1 y
There are too many things which have to be done on the unclassified realm, which can lead to ways to hurt this nation. The OPM breach for example, was all about personnel records. There are many other more significant areas which can be targeted as well. Otherwise, we wouldn't be investing as much as we do to protect the NIPRNET. Also, none of the "announced leaks" are going to be attributed to a sanctioned red team. The fact we conduct red teams is not classified information, nor would we allow one to be attributed to a real world breach.
CPT Manager
Snowden probably gave the Russians the IP address, which means NSA is on top of this...by the way...I have a bridge in Brooklyn for sale, hehehe!
PO1 William "Chip" Nagel
9 y
Snowden a Modern Day Christopher Boyce.
LTC Bink Romanick
9 y
CPT (Join to see) I'd shoot Snowden myself. He's no hero he's simply a traitor
Pentagon computer network infiltration is latest government breach. Why don't we have more reliable cybersecurity?
SGT Jeremiah B.
This will continue to happen forever. If you're connected to the internet, you're vulnerable. Period. Give enough pros enough time to bang away at your network and even with the best, most amazing security, someone is going to get in.
LTC Bink Romanick
Russia is flexing its muscles in different ways, this is just a way that they can let us know that they are there.

One way that we can prevent "spear phishing" is to emphasize the basic, "Don't click on links that come from folks that you don't know." Simple common sense.

Beefing up computer security is a must. I am such a novice, I couldn't begin to suggest a method.
Maj Kevin "Mac" McLaughlin
>1 y
Unfortunately, despite all the required training for all those accessing DoD networks with major emphasis applied to phishing, users continue to click on the link/attachments. Honestly, until we start making examples out of those who screw up (to include leadership), this lax behavior will continue.
PO1 John Miller
TSgt Hunter Logan
The solution for these hacks is so simple. It's called penetration testing.

Basically that's where you have an "ethical hacker" hack your network so that you know all the vulnerabilities and how to fix them.
PO1 John Miller
9 y
SSG Ryan R.
I understand that but there are still ways to lessen the risk even with cases like that.
Sgt Ken Prescott
9 y
No, they didn't. Do you remember that the Healthcare.gov website had some restrictions on special characters in the password? That's because they were worried about someone sending SQL commands to the database.

The only possible way for that to be a worry is if the password is sent UNENCRYPTED.

Congratulations. If you've ever logged in to healthcare.gov, assume your personal data is gone.
PO1 John Miller
9 y
TSgt Hunter Logan
What Sgt Ken Prescott said!
Maj Kevin "Mac" McLaughlin
>1 y
We already conduct penetration testing throughout the DoD and the Federal Government. The AHCA website was breached because they rushed the development and once again put security on the backburner. The goal was to make it work at all costs, without regard to the due diligence required in protecting personal information. Politics drove this.

Restricting the password from using special characters (i.e. input validation) alone will not prevent an SQL inject attack from occurring by the way (which is one of the vectors where one would use them). But you're right, those who set up accounts on healthcare.gov have all likely had their information compromised.
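Added example, not part of the thread and not code from healthcare.gov or any other real site: a login that restricts password characters but still builds its query by string concatenation, beside one that uses a bound parameter and a salted password hash. The `users` table, the function names and the sample inputs are all constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

ALLOWED = re.compile(r"[A-Za-z0-9]+")  # hypothetical "no special characters" rule


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db(password: str) -> sqlite3.Connection:
    """In-memory store holding one constructed account, 'alice'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, plain TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", password, salt, hash_pw(password, salt)))
    return db


def login_weak(db, name: str, password: str) -> bool:
    """The password is character-filtered, but the query is still concatenated,
    so the unfiltered name field reaches the SQL parser as SQL text."""
    if not ALLOWED.fullmatch(password):
        return False
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND plain = '{password}'"
    return db.execute(sql).fetchone() is not None


def login_hardened(db, name: str, password: str) -> bool:
    """Bound parameter for the lookup; the password is only hashed and compared,
    so it never becomes SQL text and needs no character restrictions."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])


# Constructed input: closes the string literal and comments out the password check.
CRAFTED_NAME = "alice' --"
```

With the filtered login, the crafted name is accepted with any alphanumeric password while the account's real password is rejected for containing a quote; the hardened login does the opposite on both counts.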
PO1 John Miller
GySgt Wayne A. Ekblad
This is why penetration testing is so important!
Yeah it's expensive and time consuming, but the return is very much worth it in my opinion.
CW3 Standardization Officer
This seems to be a trend as one government system after another gets hacked. There is a well defined need to put a stop to this type of warfare or at least try to shield the nation. The war of "1s" and "0s" is going to be a huge part of the future.
CW3 Standardization Officer
CW3 (Join to see)
9 y
You got that one right TSgt Hunter Logan....no surprise!
PO1 William "Chip" Nagel
9 y
Surprise like the Pizza Hut near the Pentagon knowing when an operation was going down by big delivery orders. I remember when that OPSEC Failure happened.
CW3 Standardization Officer
CW3 (Join to see)
9 y
PO1 William "Chip" Nagel we are not as slick as we think!
SSG John Erny
*NOTE READ the article written by "The Jester" Below!
Both the Chinese and the Russians have dedicated teams of hackers that do nothing but try to break into both government and contractor networks to spy and steal technology. Ever notice China's new fighter looks a whole lot like an F-35? I really think we need to be reaching out to our own hacker community for help. Look at Kevin Mitnick, he was once a criminal but now is a very successful security consultant. There is a lot of untapped skill that we could very much use.
The Jester has been pointing out this very thing for years which has not been heeded by many other than those who follow these sorts of things. He tweets a lot of what amounts to, "I told you so 2 years ago."
A lot of the training people get is to stop hackers with tools and security devices, it is not enough. What we truly need are hackers to stop hackers, kind of like it takes a sniper to stop a sniper. Probably the best the Army has is MAJ TJ O'connor, he has been published on the subject of network security and hacking. I will Ref. The Jester
http://www.jesterscourt.cc/2012/09/25/digital-asymmetric-warfare-is-it-possible/
GySgt Wayne A. Ekblad
9 y
Interesting stuff SSG John Erny ... thanks for sharing!
CPT Pedro Meza
The greatest mistake is that we are not hiring hackers, and criminals to fix the holes, with time new hackers discover new methods, so use hackers and criminals they know better than the college graduates.
Maj Kevin "Mac" McLaughlin
>1 y
I work within the AF and they don't do Warrant Officers. Nor will they as it will require giving up NCOs, which they do not want to do, and a recent speech from the AF Chief of Staff stated that. While it sounds appealing, there are other options. Right now, the Air Force is moving towards a mix of military (both NCO and Officer), Civil Service (GG-9-13), and contractors (all of which include handicapped, DVs, etc). I only just returned to this community after a lengthy stint in the traditional comm arena before my retirement. We have a lot of things to reconsider, but overall, they're moving forward.

Now, I'm not sure who or what you're calling the Geek Squad, but I'm pretty confident my past and present cyber organizations are highly capable to conduct virtually any cyber operation they're tasked with.
CPT Pedro Meza
>1 y
Maj Kevin "Mac" McLaughlin - I am ARMY and worked with AF OSI in Afghanistan, the ARMY should use Warrant Officers and go back to the Specialist Ranks for Cyber, and make better use of MI, re-establish the 1970's ARMY Security Agency
Maj Kevin "Mac" McLaughlin
>1 y
OK, so I assume JFOA with CID? In my experience OSI and even CID has had the need for the cyber experts like myself to take care of the "technical stuff." I've supported OSI in the past for investigations and we continue to do this today. However, I know for a fact OSI is trying to expand their expertise in cyber within their organization (not going to go into details). In one of my previous assignments at a Major Command, I worked hand in hand with our OSI rep and the Intel Directorate, creating one of the first ever cyber intel capabilities. My OSI rep was one of the few tech savvy agents at the time and was a master at tracing back the sources of the attacks hitting our networks. Intel is an area we lacked in terms of cyber, but that's changing today through the efforts of the 24th and 25th AF (AF Cyber Command and ISR Agency respectively).
CPT Pedro Meza
>1 y
Maj Kevin "Mac" McLaughlin - I am Civil Affairs, with background in hard and electronic data collection and partnered up with OSI in Afghanistan because both went out the wire, and found that we complemented one another. 5th for the rest, but I know.