Re: [Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]

[freed0 <freed0 () shadowserver org>]

Except for the fact that mobile media devices have been a severe issue
for a number of years for the military because they have been used, allowed
or not.  Look at the repeated loss of classified information in Iraq and
Afghanistan through those mobile storage devices being stolen or lost and
then sold on the open market.

I am not defending the story, because yes, it is lame, but I think you
are being blind to the reality of the issue that is there and being faced.
Just banning the devices will not be very effective either.


Richard

References
----------
Floppy Drive Usage:  http://www.almc.army.mil/alog/issues/JanFeb07/cssamo_exper.html
USB Drive Usage:     http://www.tek-tips.com/viewthread.cfm?qid=1496350&page=3
USB Stick Usage:     
http://www.independent.co.uk/news/uk/home-news/army-interpreter-found-guilty-of-spying-for-iran-in-afghanistan-994913.html
Random USB Device:   http://groups.google.com/group/rec.aviation.military/browse_thread/thread/25563667634003a9

And many more to be found.

Jon Kibler wrote:
> Fox News has just published the most lame article I have seen to date on
> "Pentagon Cyber Attacks":
> http://www.foxnews.com/politics/2008/11/20/pentagon-cyber-siege-unprecedented-attack/
>
> Here is some feedback I sent to them regarding the article. (Yeah, its a
> little over the top, but I had a point to make!). Also, about my "#1"
> item below... the site, at the time I am writing this, had a broken link
> on its "Add Comment" item on the article.
>
> When will the media EVER get it right?
>
> Jon K.
>
> -------- Original Message --------
> Subject: RE: Pentagon Hit by Unprecedented Cyber Attack
> Date: Thu, 20 Nov 2008 21:11:44 -0500
> From: Jon Kibler <Jon.Kibler () aset com>
> Reply-To: Jon.Kibler () aset com
> Organization: Advanced Systems Engineering Technology, Inc.
> To: yourcomments () foxnews com, foxnewsonline () foxnews com,
> politics () foxnews com
>
> Two Comments:
>
> 1) Your article shows "0 Comments" because you cannot add comments to
> the article. If you click on "Add Comment" you are taken to the page
> "http://www.foxnews.com/politics/index.html";. I guess that you don't
> really want comments.
>
> 2) About the article: No organization that has ANY interest in security
> should allow ANY type of removable media on ANY system. No hard drives,
> no CD/DVD players or burners, no thumb drives, no MP3 players, etc. To
> allow removable media and/or devices introduces two serious risks: a)
> data exfiltration, and b) malware infections. The DoD has never allowed
> removable media on any classified network, and I was under the
> impression that the same policy applied to unclassified networks as
> well. Please check your sources. Either the DoD has relaxed common
> security policies or your sources are flat out wrong in their
> allegations regarding infection source. If the DoD policy about using
> removable media on unclassified networks has changed, you REALLY need to
> find out whose really really really stupid idea it was to implement such
> a policy! Has 'convenience' replaced 'security' in our defense department?
>
> Bottom line: The article is both lame and pure hype in my professional
> opinion. There is absolutely ZERO that is extraordinary about banning
> removable media. It is simply good security policy and practice. ANY
> organization that allows removable media is, by definition, insecure.
>
> If Fox thinks such actions are "extraordinary", then you are telling the
> entire world "Hey y'all Fox News is insecure. Please come hack us!".
> From your story, it is clear that if I wanted to take over the entire
> Fox News data network, I could leave a few DVDs and thumb drives laying
> around some of your offices, your employees would pick them up and plug
> them in (if for no other reason, just to see what is on them), infecting
> your computers and giving me 100% complete control of your network.
>
> Whoever wrote this article, clearly has zero knowledge of I.T. Security
> and clearly has no idea that they are openly inviting attacks against
> Fox News. "Hack Me, PLEASE!"
>
> I always knew you guys were lame, and that you really did not have even
> a half a clue about real national security issues... and now you have
> gone and proven it. Congratulations!
>
> Sincerely,
>
> Jon Kibler

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



------------------------------------------------------------------------

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.