When things go wrong keep it quiet? What the hell were these people thinking?

coachisright.com ^ | OCTOBER 15TH, 2011 | Jim Emerson, staff writer

[jmaroneps37]

For the last two weeks Air Force computer specialists have been battling a computer infection of ground based computers that control drones operating over the Mideast. The administration specialists at Creech AFB, Nevada wanted to keep the incident quiet till they could eliminate the virus by themselves.

Instead of asking for help the command was overwhelmed by a virus that couldn’t be easily removed. Because of the time wasted it may take a while before the extent of the infection is known and what systems have been compromised.

Keylogger

The virus affecting the ground stations was a “keylogger” virus. A keylogger is an almost unnoticeable spyware that monitors key strokes and control clicks and sent the information to an external host computer. This virus had been found on several unclassified and classified computers. As of this time investigating officials haven’t determined how the virus was introduced into the network. Because of the time wasted in trying to remove the infection the so-called smoking gun will be difficult to discover.

The keylogger virus on the Creech computers are most likely Kernel-based or rootkit based virus which are most sophisticated and the most difficult to remove. The virus was most likely delivered by a Trojan that is behaving as a benign file.

To date it is not known if the virus has damaged any systems or transmitted recorded keystroked to an external host. Such an attack should of have been reported to the 24th Air Force, Cyber Command, but it wasn’t. The Air Force needs to know that one of its vital systems has been compromised.

How did Cyber Security know?

The Air Force’s cyber security specialists were surprised ……. learned about the virus infection in the pages Wired.com.

The Air Force’s cyber command had to admit……

[jmaroneps37]

Didn't we just suffer the loss of two war figherts KIA because of this virus? Why did these people think they should/could fix this by themselves? The incompentance makes you want to scream.

[HiTech RedNeck]

Looks like the virus got onto the system through USB drives. Its attempts to notify an external system will be in vain, however it is a lousy security design to assume that no external media will ever be introduced to the system. That’s how viruses worked in the early days, although through diskettes rather than our modern USB drives.

[E. Pluribus Unum]

Military weapons systems should not be using Windoze.

Period.

[Doe Eyes]

Didn't we just suffer the loss of two war figherts KIA because of this virus?

I haven't heard about this. More info please.

[Bryan24]

Computer systems that should NEVER, EVER, be Microsoft Windows bases:
DoD
Homeland Security
Department of Energy
National Power Grid

[Bryan24]

Computer systems that should NEVER, EVER, be Microsoft Windows bases:
DoD
Homeland Security
Department of Energy
National Power Grid

[grey_whiskers]

Computer systems that should NEVER, EVER, be Microsoft
Windows bases:
DoD
Homeland Security
Department of Energy
National Power Grid

...or anything else!

Cheers!

[USNBandit]

That statement is not correct. The blue on blue incident was due to human error, not this virus.

The command in question had been treating the symptom (removing the virus) without finding the cause (a specific infected drive used to bring data from another base.)

[wideawake]

So we gave in to Bradley Manning’s agenda, but we learned nothing from his crimes. Great job, bureaucrats.

[jmaroneps37]

http://www.latimes.com/news/nationworld/world/afghanistan/la-fg-pentagon-drone-20111014,0,5628010.story

This what I was referring to Sorry my mistake.

[kingu]

Windows XP is extremely prevalent in command and control computers, from the Aegis systems to even the rides at Disneyland. Tens of millions of systems which perform critical real time command and control where people are at risk at any moment, and all at risk of being infiltrated by a virus.

Disneyland provides the model for the military in this - each command system has physically taped to the computer a set of restoration discs to return the system to certified state in case of malfunction or infection. If there is a concern, the system is restored from those discs, and if there is a hardware failure, those discs can restore the image to another computer for immediate repairs.

The certification of classified machines is the problem here. A computer restored from backups must be re-certified before it can hold classified information again. Whereas an image of that machine at time of certification, as well as restoration of secure documents from the server, means that downtime in the event of an intrusion such as a virus can be mere hours rather than weeks.

And it would take very little to secure these machines against USB intrusions. A change in government procurement to require machines certified for government service to include a small cut out in the USB connectors so that a physical lock can be installed on all USB connections that are unused, and a further requisition for keyboards and mice that physically lock into place would nail down a lot of these problems. File transfers to USB dongles could be accomplished through a read only host server and prevent these USB devices from ever mounting as system discs.

Any time a system puts barriers in to prevent local and swift correction of problems, they open the door for a breakdown in the secure system itself. A buck's worth of backup DVDs could have restored these systems, and cheap locks on usb ports could have prevented the intrusion in the first place.

[Paladin2]

Weld up the USB ports, cut off the antennas and make the network closed.

[Paladin2]

Swappable HDs would make the restore only a matter of a few minutes.

[USNBandit]

The key logger in question was evidently a virus targeting online poker play. It was looking for usernames and passwords. Unfortunately, some user must have plugged that portable drive into a computer it wasn't supposed to get plugged into.

DOD has been hit numerous times during this war due to the activities of its users. This is a an example of a user using a storage device for classified and unclassified data, a huge no no.

One solution would be mobile storage that will only work between client computers and won't connect on those without client software. Another would be a drive that logs the MAC addresses it is plugged into, but that would require auditing.

[TankerKC]

Didn't we just suffer the loss of two war fighters KIA because of this virus?

When? Do you have details?

[TankerKC]

Didn't we just suffer the loss of two war figherts KIA because of this virus?

A Marine and a Navy medic killed by a U.S. drone airstrike were targeted when Marine commanders in Afghanistan mistook them for Taliban fighters, even though analysts watching the Predator's video feed were uncertain whether the men were part of an enemy force.

You're a damned liar.

[Uri’el-2012]

Weld up the USB ports, cut off the antennas and make the network closed.

I'll bet it came in via sneaker-net.

[hattend]

I don’t get how a classified computer can be connected to the outside world. It wasn’t allowed when I was working in a SCIF in the Air Force (1993-95 timeframe).

[TheOldLady]

Click the Pic               Thank you, JoeProBono

Gary and Harriet Had a Talk
They Kissed and Made Up Again

Follow the Exciting Adventures of Gary the Snail!

Abolish FReepathons
Go Monthly

If every FReeper and Lurker gave just $7 a month
We could end the FReepathons

[TheOldLady]

Click the Pic               Thank you, JoeProBono

Gary and Harriet Had a Talk
They Kissed and Made Up Again

Follow the Exciting Adventures of Gary the Snail!

Abolish FReepathons
Go Monthly

If every FReeper and Lurker gave just $7 a month
We could end the FReepathons