DoD orders ban on digital storage devices

[Jag]

http://www.airforcetimes.com/news/20...e_ban_112008w/

By William H. McMichael and Bruce Rolfsen - Staff writers
Posted : Thursday Nov 20, 2008 18:05:30 EST

The Defense Department has imposed an immediate ban on the use of thumb drives and other easily portable devices that offer digital memory storage, with some sort of viral intrusion into the military’s worldwide computer networks apparently spurring the move.

The Pentagon would not confirm or deny the ban, although it is spelled out in at least two Air Force directives, one of which sources the order to the Defense Department command that oversees the networks.

Neither directive spells out why the ban was imposed throughout the Defense Department’s Global Information Grid, which includes more than 17,000 local and regional networks and about 7 million individual computers.

But an intrusion or infection is the only explanation, said renowned security expert and author Bruce Schneier.

“Certainly, it’s a propagation problem they’re worried about,” said Schneier, chief security technology officer for BT, a British-based global communications firm. “If it’s preventive, why wasn’t it preventive last week? Something happened, and they’re worried about it propagating.”

The quickest way to stop additional problems, Schneier said, is to disallow the use of all flash media.

“They’ve got something they need to deal with,” Schneier said. “And they can deal with it better if things don’t move in and out of network. The problem with things like USB sticks is that they’re off-line storage.”

One official told Military Times that the latest ban was not related to bandwidth issues that prompted a system-wide May 2007 prohibition on accessing social networking and entertainment sites on military computers.

Neither Air Force directives state explicitly that a Defense Department-wide ban is in place. But one notes that the order to stop using flash media was issued by U.S. Strategic Command, which is responsible for operating and defending the .mil and .smil domains.

That internal Air Force memo, directed at Washington, D.C., Air Force offices and dated Nov. 17, orders “immediate suspension” of the use of such devices on all NIPR and SIPR networks.

A similar message, which did not mention StratCom, was posted online by Whiteman Air Force Base, Mo.

“The Chief of Staff of the Air Force recently implemented a policy prohibiting the use of memory sticks, thumb drives, flash memory cards such as XD, SD, Micro, Mini, CF, MS, cards etc., cameras, portable music players and [Personal Digital Assistants],” the message states. “Excluded are Blackberry devices that do not have the flash memory such as a Micro SD card installed.

“All remaining removable media such as external hard drives, CDs or DVDs, and other various items can be used if the following policies are met: All removable media must be labeled with the appropriate security classification. All other removable media such as external hard drives, CD/DVD reader/writer items must be scanned with a virus scanner prior to use.”

StratCom and its Joint Task Force-Global Network Operations, which manages the Global Information Grid, would not comment, referring all questions to the Pentagon. There, a spokesman responded but said operational considerations prevented any detailed comment.

“Daily, there are millions of scans” of the Global Information Grid, said Air Force Lt. Col. Eric Butterbaugh. “For security reasons, we don’t discuss the number of actual intrusions or attempts, or discuss specific measures commanders in the field may be taking to protect and defend our networks.”

Butterbaugh said the Defense Department “aggressively monitors its networks for intrusions and has appropriate procedures to address threats.”

“To address continuous and constantly changing cyber threats, guidance regularly is provided to the field about current threats and measures for users to take to ensure our information systems remain secure,” he said. “It’s the responsibility of every user to help protect the network.”

Rick, Fox News had a Breaking News Alert on a Massive Cyber Attack on the Pentagon and military bases....is this the start of what we all feel is coming?

Jag

[Malsua]

EVERY secure installation already has banned flash drives. This would include most data centers that I enter.

[AGEUSAF]

I got this in email this week at work, DoD computer. Mentioned the usb drives I didn't think we could use those in the first place. I got so many damn passwords half the time I'm calling our IT just so I can get into the thing.

[American Patriot]

Ummmmm No, Mal... they haven't.

Funny how not everything you see in the news is exactly right.

This was what I couldn't "discuss" the other day.

It came down to banning CD ROM drives, usbs, etc. They shut down the USB ports yesterday and CD rom drive, floppy drives and pretty much anything you can gain external access to a computer from.

Welcome to Big Brother.

[Malsua]

>>Ummmmm No, Mal... they haven't.<

If they haven't banned flash drives, by definition, they aren't secure.

Not true again.

We use them for transferring data from stand alone systems to other systems and vice-versa.

The issue came up on Friday-Monday.

We were told they were disabling ports, CD Roms (people listen to music while they work, now they cant, they've locked out music streaming, video and everything else).... so people bring in cds. They are allowed to do that. Now they can't use CD roms.

You can't bring in a ipod, or flash drive into my complex.

However, I have with me a ham radio, a flash drive, working USB ports, work CD rom drive.

HOW CAN THIS BE?

I'm AUTHORIZED TO DO so...

You see, things aren't always as they appear.

[Jag]

This is how Fox reported it last night as Breaking News....

Pentagon Hit by Unprecedented Cyber Attack

As a result of the cyber attack, the Defense Department has banned the use of external hardware devices throughout a vast network of military computers.

FOXNews.com
Thursday, November 20, 2008

The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVD's, FOX News has learned.

The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.

"We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told FOX News. "We are now taking steps to mitigate the virus."

The official could not reveal the source of the attack because that information remains classified.

"Daily there are millions of scans of the GIG, but for security reasons we don't discuss the number of actual intrusions or attempts, or discuss specific measures commanders in the field may be taking to protect and defend our networks," the department said in an official statement.

Military computers are often referred to as part of the Global Information Grid, or GIG, a system composed of 17 million computers, many of which house classified or sensitive information.

FOX News obtained a copy of one memo sent out last week to an Army division within the Pentagon warning of the cyber attack.

"Due to the presence of commercial malware, CDR USSTRATCOM has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately."

FOX News' Justin Fishel and Jennifer Griffin contributed to this report.

Jag

[Malsua]

Odd.

I appear to be talking to myself.

[American Patriot]

Oh shit.

[American Patriot]

Mal I think I accidentally hit the damned edit button instead of the damned QUOTE button.

I AM SOOOOOOOOOOOOOOOOOOO SORRY!

[Ryan Ruck]

That's pretty funny...

[Malsua]

Heh, no biggie. That's what I figured happened.

[American Patriot]

I hate that the edit and quote buttons are right next to each other like that.

When I hit the quote button I sometimes hit the edit button. I dont even usually USE the quote button, I copy and paste the things I want to respond to and answer it individually, but got used to doing it on another site as a user... now it's screwing me up.

doh.

[Ryan Ruck]

I've done the same now and then but have always caught it.

[vector7]

From The Times

September 8, 2007
China’s cyber army is preparing to march on America, says Pentagon


(© Corbis. All Rights Reserved)

Tim Reid in Washington

Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.

The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary’s computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.

Related Links

• China ‘tops list’ of cyber-hackers

• Nasty effects of China syndrome

Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that “a lot of our systems are vulnerable to attack”. He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.

Larry M. Wortzel, the author of the US Army War College report, said: “The thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare.” The two PLA hackers produced a “virtual guidebook for electronic warfare and jamming” after studying dozens of US and Nato manuals on military tactics, according to the document.

The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War College’s network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.

Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.

He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. “These guys are very good,” he said. “We don’t know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability.”

In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.
Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society”.
After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study its effects.
Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.

He told The Times that all major nations – including China – were scrambling to defend against, and working out ways to cause, “maximum strategic damage” by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. “China is aggressive in this,” he said.

http://technology.timesonline.co.uk/...cle2409865.ece

[vector7]

China's hackers stealing US defence secrets, says congressional panel

Thursday November 20 2008 17.45 GMT

• Owen Bowcott
• guardian.co.uk
• Article history

China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel.

Beijing's investment in rocket technology is also accelerating the militarisation of outer space and lifting it into the "commanding heights" of modern warfare, the advisory group claims. The strident warning, which may have a chilling effect on relations between the two Pacific powers, comes in the annual report of the US-China economic and security review commission due today.

A summary of the study, released in advance, alleges that networks and databases used by the US government and American defence contractors are regularly targeted by Chinese hackers. "China is stealing vast amounts of sensitive information from US computer networks," says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues.

The commission, consisting of six Democrats and six Republicans, says in its unanimous report that China's military modernisation and its "impressive but disturbing" space and computer warfare capabilities "suggest China is intent on expanding its sphere of control even at the expense of its Asian neighbors and the United States."

The commission recommends that the US upgrade its intelligence and homeland security systems protecting computer networks. It quotes the Chinese military strategist, Wang Huacheng, as describing US dependence on space assets and information technology as its "soft ribs".

There are 250 hacker groups in China, the report says, including some whose members have been trained at Chinese military academies.
"China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission says.

"In a conflict situation, this advantage would reduce current US conventional military dominance ... in 2007 the 10 most prominent US defense contractors, including Raytheon, Lockheed Martin, Boeing, and Northrop Grumman, were victims of cyber espionage through penetrations of their unclassified networks."

China's space programme is "steadily increasing the vulnerability of US assets", the report says. Technical improvements in satellite imagery enable China to locate US aircraft carrier battle groups more accurately, faster and from further away.

The People's Liberation Army officer and author Cai Fengzhen is quoted as saying that the "area above ground, airspace and outer space are inseparable and integrated. They are the strategic commanding height of modern informationalised warfare".

"If this becomes Chinese policy," the report says, "it could set the stage for conflict with the United States and other nations that expect the right of passage for their spacecraft."

"China could use laser technology to blind temporarily a US reconnaissance satellite operating over international waters. This action could be viewed by many as purely defensive. However, China also could use its ASAT capability to destroy a US satellite operating over its territory."

"China has significant anti-satellite capabilities. The capabilities go far beyond those demonstrated in the January 2007 'test' that destroyed an obsolete Chinese weather satellite. They include co-orbital direct attack weapons and directed energy weapons for dazzling or damaging satellites, both of which currently are under development."

Relations between China and the United States are businesslike and have not been under severe strain recently. During the presidential election campaign, Barack Obama said: "China is rising, and it's not going away," adding that Beijing was "neither our enemy nor our friend; they're competitors".

Allegations that Chinese hackers penetrate US defence computers have been made before, including reports of attacks on the Pentagon supposedly backed by China's army. US intelligence gave the assaults the codename Titan Rain. In Britain last year, Chinese hackers were said to have breached networks used by the foreign office, the House of Commons and Whitehall departments.

China has said it is not trying to undermine other countries' interests and wants to maintain good relations with the US.

http://www.guardian.co.uk/world/2008...security-obama

[vector7]

China Stealing Space Rocket Technology

November 20, 2008:

A Chinese-American scientist pled guilty to providing China with U.S. rocket technology. Quan-Sheng Shu, a 68 year old naturalized citizen who was born in China, was president of AMAC International Inc., a technology company with offices in the United States and China. Shu bribed Chinese officials to award a $4 million contract, for rocket technology, to his company. Shu was attempting to export technology to China without the required permits (that he knew he would not get.) Shu could receive up to ten years in jail, plus millions of dollars in fines. But he has a plea bargain agreement which prevented his wife from being prosecuted for her part in the transaction. The plea deal will probably get Shu a shorter jail term.

The Shu case is another example of the Chinese effort to use industrial espionage to turn their country into the mightiest industrial and military power on the planet. For over two decades, China has been attempting to do what the Soviet Union never accomplished; steal Western technology, then use it to move ahead of the West. The Soviets lacked the many essential supporting industries found in the West (most founded and run by entrepreneurs), and was never able to get all the many pieces needed to match Western technical accomplishments. Soviet copies of American computers, for example, were crude, less reliable and less powerful. Same with their jet fighters, tanks and warships.

China believes they can avoid the Soviet error by making it profitable for Western firms to set up factories in China, where Chinese managers and workers can be taught how to make things right. At the same time. China allows thousands of their best students to go to the United States to study. While most of these students will stay in America, where there are better jobs and more opportunities, some will come back to China, and bring American business and technical skills with them. Finally, China energetically uses the "thousand grains of sand" approach to espionage. This involves China trying to get all Chinese going overseas, and those of Chinese ancestry living outside the motherland, to spy for China, if only a tiny bit.

This approach to espionage is nothing new. Other nations have used similar systems for centuries. What is unusual is the scale of the Chinese effort. Backing it all up is a Chinese intelligence bureaucracy back home that is huge, with nearly 100,000 people working just to keep track of the many Chinese overseas, and what they could, or should, be to trying to grab for the motherland. It begins when Chinese intelligence officials examining who is going overseas, and for what purpose. Chinese citizens cannot leave the country, legally, without the state security organizations being notified. The intel people are not being asked to give permission. They are being alerted in case they want to have a talk with students, tourists or business people before they leave the country. Interviews are often held when these people come back as well.

Those who might be coming in contact with useful information are asked to remember what they saw, or bring back souvenirs. Over 100,000 Chinese students go off to foreign universities each year. Even more go abroad as tourists or on business. Most of these people were not asked to actually act as spies, but simply to share, with Chinese government officials (who are not always identified as intelligence personnel) whatever information they obtained. The more ambitious of these people are getting caught and prosecuted. But the majority, who are quite casual, and, individually, bring back relatively little, are almost impossible to catch.

Like the Russians, the Chinese are also using the traditional methods, using people with diplomatic immunity to recruit spies, and offering cash, or whatever, to get people to sell them information. This is still effective, and when combined with the "thousand grains of sand" methods, brings in lots of secrets. The final ingredient is a shadowy venture capital operations, sometimes called Project 863, that offers money for Chinese entrepreneurs who will turn the stolen technology into something real. No questions asked. If you can get back to China with the secrets, you are home free and potentially very rich.

Shu was just trying to do some business, but he was also ensnared by this enormous Chinese espionage operation that has had far more successes than failures.

http://www.strategypage.com/htmw/hti.../20081120.aspx

[American Patriot]

First off, they can't "steal it". They have to get on the SIPRnet - and they can't without our codes, and our hardware. Certainly they might have some of the hardware after the airplane incident.

However - Clinton GAVE them a lot of stuff, which, technically isn't stealing. If the President of the United States wants to give away all our secrets, he set the precedent for doing so - the next guy in office can pretty much give away the farm now and be assured he won't be prosecuted as a spy or traitor.

America is a great country, isn't it?

[American Patriot]

Under Worm Assault, Military Bans Disks, USB Drives

By Noah Shachtman November 19, 2008 | 6:12:30 PMCategories: Info War




The Defense Department's geeks are spooked by a rapidly spreading worm crawling across their networks. So they've suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.


The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to "floppy disks," is supposed to take effect "immediately." Similar notices went out to the other military services.


In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute.


The problem, according to a second Army e-mail, was prompted by a "virus called Agent.btz." That's a variation of the "SillyFDC" worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again — this time on the PC. "From there, it automatically downloads code from another location. And that code could be pretty much anything," says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further — to the early '90s. "But at that time they relied on infecting floppy disks rather than USB drives," Olson adds.



Servicemembers are supposed to "cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware," one e-mail notes.


Eventually, some government-approved drives will be allowed back under certain "mission-critical," but unclassified, circumstances. "Personally owned or non-authorized devices" are "prohibited" from here on out.


To make sure troops and military civilians are observing the suspension, government security teams "will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced," an e-mail says. "Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action."


"The USB ban should be effective in stopping the worm," Olson says. Asked if such a wide-spread measure was a bit of over-kill, Olson responded, "I don't know."


"I know this [is an] inconvenience," e-mails one Michigan Army National Guardsman.


"This has been briefed to the CoS [Chief of Staff] of the ARMY. This is not just a problem for Michigan, and is effecting operations around the world. This is a very serious threat and should be treated as such. Please understand that this is a form of attack, and we need to have patience in dealing with this issue."
[Photo: Department of Defense]

[American Patriot]

Military Looking Abroad for Source of Cyber Attack on Pentagon

The attack, possibly tracing to Russia, was strategically timed to hit between the presidential election and Inauguration Day, according to a Navy official.

FOXNews.com
Friday, November 21, 2008



The cyber attack on the Department of Defense that has led to a ban on the use of external hardware devices could have come from a number of foreign countries, possibly Russia, though the military is dismissing earlier reports that China was the source of the threat.


FOX News learned that a Navy rear admiral outside the Pentagon, in a briefing to his staff on Thursday, characterized the virus as a coordinated attack that was strategically timed to hit between the Nov. 4 presidential election and Inauguration Day, Jan. 20.


He described how a service member with access to classified information inadvertently loaded the virus onto his computer via a flash drive. As a result, he no longer knows where the computer's sensitive information is being stored.


The cyber attack so alarmed the Pentagon that it took the unprecedented step of banning the use of external hardware devices, such as flash drives and recordable CDs and DVDs.


The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.


"We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told FOX News. "We are now taking steps to mitigate the virus."


The official could not reveal the source of the attack because that information remains classified.


"Daily there are millions of scans of the GIG (the Global Information Grid), but for security reasons we don't discuss the number of actual intrusions or attempts, or discuss specific measures commanders in the field may be taking to protect and defend our networks," the Defense Department said in an official statement.



Military computers are often referred to as part of the GIG, a system of 17 million computers, many of which house classified or sensitive information.


FOX News obtained a copy of a memo sent out last week to an Army division warning of the cyber attack:


"Due to the presence of commercial malware, CDR USSTRATCOM has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately."


FOX News' Justin Fishel and Jennifer Griffin contributed to this report.

[American Patriot]

Cyber Attack Spurs Thumb Drive Ban


http://www.dodbuzz.com/2008/11/21/cy...umb-drive-ban/


By Colin Clark Friday, November 21st, 2008 3:22 pm
Posted in Cyber Security, Policy


Our friends at DefenseTech.org feature an excellent piece about a cyber attack on the U.S. military. The attack finally led to the military banning thumb drives and other portable memory tools from use on military networks.
The article is by Kevin Coleman. Here it is:


The Pentagon has suffered a direct hit from a cyber attack. The weapon used is said to be a hybrid computer worm/virus. Insiders say the hybrid rapidly spread through the thousands of interconnected defense computer networks. A computer worm is different from a computer virus. A worm is thought to be more dangerous because it can run itself where as a virus needs a host program to run. The DoD responded quickly and has taken steps to slow the advancement of the worm/virus by quarantining networks and systems until the worm/virus can be removed.

Cyber investigators have not pinpointed the entry point for the worm/virus, but insider sources point to removable storage devices as the most likely point of infection. This seems to be supported by the fact that U.S. Strategic Command has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately. This incident has been deemed so severe that unprecedented defensive measures have been instituted to protect the military systems.

Oddly enough, all Internet users are being warned to stay vigilant by security experts who believe that Monday, Nov. 24 is poised to be the worst day of the year for computer attacks.

Security experts at Spy-Ops I spoke with said, “If this can happen to the Department of Defense it can happen to any organization.” They went on to say that the cost of this attack could easily reach into the billions of dollars if the worm/virus destroys data. If that’s not bad enough, one expert went on to say that the nightmare scenario is if the malicious code alters data rather than deleting it — a much more difficult problem to resolve.

News of the cyber attack came on the heels of today’s release of the “Global Trends 2025: A Transformed World” document by the Office of the Director of National Intelligence. The document stated that non-military means of warfare, such as cyber, economic, resource, psychological and information-based forms of conflict will become more prevalent in conflicts over the next two decades.

While the source of the attack remains classified, the usual cast of characters comes to mind. At the head of the list are of course China and the RBN — Russian Business Network. If the attack is found to be sponsored by another country, could this be considered an act of cyber war?