DoD Takes Criticism From Security Experts On Cyberwar Incident 116
Posted
by
Soulskill
from the no-mr-bond-i-expect-you-to-torrent dept.
from the no-mr-bond-i-expect-you-to-torrent dept.
wiredmikey writes "Undersecretary of Defense William J. Lynn is being challenged by IT security experts who find it hard to believe that the incident which led to the Pentagon's recognizing cyberspace as a new 'domain of warfare' could have really happened as described. In his essay, 'Defending a New Domain,' Lynn recounts a widely-reported 2008 hack that was initiated when, according to Lynn, an infected flash drive was inserted into a military laptop by 'a foreign intelligence agency.' Critics such as IT security firm Sophos' Chief Security Adviser Chester Wisniewski argue that this James Bond-like scenario doesn't stand up to scrutiny. The primary issue is that the malware involved, known as agent.btz, is neither sophisticated nor particularly dangerous. A variant of the SillyFDC worm, agent.btz can be easily defeated by disabling the Windows 'autorun' feature (which automatically starts a program on a drive upon insertion) or by simply banning thumb drives. In 2007, Silly FDC was rated as Risk Level 1: Very Low, by security firm Symantec."
Re:lulz (Score:1, Funny)
Clearly they need to create a new command structure and several brave new cyberwarfighter divisions to hold shift while inserting media. Higher ranking officers can take tech support calls or power cycle the nuke fire control on schedule.
Re:Two words: Bradley Manning (Score:3, Funny)
To be fair this incident happened two years ago. Which means they should be getting around to resolving the Bradley Manning issue and review some time in 2012...