funsec mailing list archives
U.S. Defense Officials Still Concerned About Data Lost in 2007 Network Attack
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 5 Mar 2008 20:24:57 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via GovExec. [snip] A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week. The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows, said Dennis Clem, OSD's chief information officer. During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder. "This was a very bad day," said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. "We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries." [snip] More: http://www.govexec.com/story_page.cfm?articleid=39456 - - ferg Hat-tip: dissent -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHzwGVq1pz9mNUZTMRAj46AJ45DHf89xMLFqi9IaYiyrGAYahg6wCgrzRS ec0wz8pXyjYh3NnpWQxr8Q0= =dtMF -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- U.S. Defense Officials Still Concerned About Data Lost in 2007 Network Attack Paul Ferguson (Mar 05)