'Amazing Amount Of Sensitive Data' Stolen During Pentagon Data Breach
Tuesday, March 18, 2008
In case you have been distracted by what passes as news: Britney Spears, Lindsay Lohan, the Mills-McCartney divorce, which celebs' have a baby bump, American Idol, college basketball, and/or the Spitzer sex scandal -- you should know that the Pentagon, perhaps the most important U.S. military facility, suffered a data breach. On March 6, London-based The Register reported:
"A network intrusion at the Pentagon nine months ago resulted in the theft of an "amazing amount of data" that continues to pose a threat to national security, the CIO of the Defense Department said earlier this week... Over the course of two months leading up to the attack, malicious code infiltrated several systems belonging to the Pentagon's network and culminated in an exploit of a known Microsoft Windows vulnerability, Clem said. That allowed attackers to send spoofed emails that appeared to come from Pentagon personnel in Clem's division."
In the war on terror, the Pentagon is one facility you know our enemies will attack... repeatedly. And it's one facility you definitely don't want to have a data breach. So you plan on that. Dennis Clem, the CIO of the Office of the Secretary of Defense (OSD), said:
"This was a very bad day... "We don't know when they'll use the information they stole, [which was] an amazing amount."
The Government Executive publication reported:
"A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week. The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows... spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder."
The government's response to the cyber attack:
"The portion of the network infrastructure under assault was shut down soon after the attack was detected. Recovery, which took three weeks and cost $4 million, involved the introduction of a new process of "checking out" temporary IDs and passwords for access to the network, stricter requirements about the use of common access cards for identity verification, and introduction of digital signatures to ensure that information comes from a valid source."
Interestingly, about a week later the Wall Street Journal reported:
"The top U.S. commander in charge of cyberspace said that American military networks are coming under increasing attack from hackers seeking to steal classified information, and that many of the incidents appear linked to China. Gen. Kevin Chilton, who heads the military's Strategic Command here, stopped short of formally accusing Beijing of responsibility for the attacks. But he said there was significant evidence to suggest that China was behind many of the incidents... In a report released earlier this month, the Pentagon said that the Chinese People's Liberation Army was expanding its military power from 'the land, air and sea dimensions of the traditional battlefield into the space and cyber-space domains.' "
Meanwhile, this ad has appeared on network television:
Great post, George! The ad, totally ironic!
Posted by: Catherine | Tuesday, March 18, 2008 at 10:41 PM