[ISN] Defense officials still concerned about data lost in 2007 network attack

From: InfoSec News (alerts@private)
Date: Thu Mar 06 2008 - 06:18:59 PST


http://www.govexec.com/story_page.cfm?articleid=39456

By Jill R. Aitoro  
Govexec.com  
March 5, 2008

A June 2007 network intrusion at the Pentagon resulted in the theft of 
an "amazing amount" of data, and the incident remains a national 
security concern, a top Defense Department technology official said this 
week.

The Office of the Secretary of Defense detected malicious code in 
various portions of its network infrastructure while consolidating 
information technology resources in the middle of last year. Over the 
course of two months, the code infiltrated multiple systems, culminating 
in an intrusion that created havoc by exploiting a vulnerability in 
Microsoft Windows, said Dennis Clem, OSD's chief information officer.

During the attack, spoofed e-mails containing recognizable names were 
sent to OSD employees. When they opened the messages, user IDs and 
passwords that unlocked the entire network were stolen; as a result, 
sensitive data housed on Defense systems was accessed, copied and sent 
back to the intruder.

"This was a very bad day," said Clem during a panel discussion at the 
Information Processing Interagency Conference [1] Tuesday. The breach 
continues to pose a threat, he added. "We don't know when they'll use 
the information they stole, [which was] an amazing amount, [including] 
processes and procedures that will be valuable to adversaries."

Clem didn't give any indication that the source of the attack was 
identified, nor did he provide details about what data was accessed. He 
noted that the network used by the office of John Grimes, Defense CIO 
and assistant secretary of networks and information infrastructure, is 
maintained separately, and therefore was not compromised.

The portion of the network infrastructure under assault was shut down 
soon after the attack was detected. Recovery, which took three weeks and 
cost $4 million, involved the introduction of a new process of "checking 
out" temporary IDs and passwords for access to the network, stricter 
requirements about the use of common access cards for identity 
verification, and introduction of digital signatures to ensure that 
information comes from a valid source.

"It made a big difference" in securing the OSD network, which currently 
gets 70,000 malicious attempts at access a day, Clem said.

"This was something that [I thought] would never happen to me," he said. 
"Boy, was I wrong.... They're working hard, these people, and they're 
after us all the time... . If you don't know your network, and you're 
more of a policy CIO, you may find yourself in trouble."

[1] http://www.ipicconference.org/


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Thu Mar 06 2008 - 06:47:40 PST