Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Security The Military United States Your Rights Online

DoD Lost 24k Files In Attack On Contractor 49

Trailrunner7 writes with this news from ThreatPost: "A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors. In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year."
This discussion has been archived. No new comments can be posted.

DoD Lost 24k Files In Attack On Contractor

Comments Filter:
  • Coming to a torrent near you.
    • by Luckyo ( 1726890 )

      Not damn likely. These thefts are usually paid-for jobs, done for a client. And clients for such operations are usually ones who want the information for themselves.

      • by oztiks ( 921504 )

        That or China. My money is on China.

        • by Luckyo ( 1726890 )

          IF you think China is the only one with interest or capability, you're living in a bubble. A list of countries interested in US defense contractor inside information starts in the Western Europe and Latin America, and ends in Japan. Of these, most have the capability to either pay private criminal organisations to do the job, and several have capability and agencies to do the job themselves (i.e. GB, France, Germany, Russia, Australia, Japan, China, India...).

          Just because some countries are painted as more

          • by oztiks ( 921504 )

            Point taken, maybe not China's style. IF anything China's main focus is on commercial gain via legitimate markets, illegitimately.

  • if suffer also implies that the attacker were successful or was it the only one that was successful?
  • by liquidweaver ( 1988660 ) on Thursday July 14, 2011 @05:45PM (#36769536)
    I don't know how that did it. My cabinet has probably 150 files at best, and it weighs about 70 lbs. They must have used a really big truck and been awfully quick about it. Sounds like a team that specialized in file organization in the past - a rogue librarian thief ring!
  • by Anonymous Coward

    Oh, wait. My laptop has 148k files. You mean to tell me that the DOD hasn't lost a single laptop before? And none have been hoovered??? Damn, they've got better security than we give them credit for!

    • by dokc ( 1562391 )
      If you have 148k files on your laptop, that means that you have a fresh Windows installation.
  • by gavron ( 1300111 ) on Thursday July 14, 2011 @05:50PM (#36769570)

    > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

    No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

    The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

    How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

    E

    • How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      What you really want is for the Federal Reserve to buy 0% interest 30 year bonds that you issue.

    • by Fuzzums ( 250400 )

      > the attack was just one of thousands such intrusions that the government and its contractors suffer every year

      No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

      The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

      A kind of competence many governments show these days :(

      How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      E

      You want MORE debt? Sounds like a subprime mortgage for governments :s

    • I can't help wondering if this was related to the RSA SecureID breach(??): http://yro.slashdot.org/story/11/06/07/129217/RSA-Admits-SecurID-Tokens-Have-Been-Compromised [slashdot.org] The timing is about right.
    • Your post made me feel sad.
    • Yeah, and in the meanwhile Lulzsec, et alia, get the (FUD, hype) press whilst our solons enact yet more Draconian edicts. Sheesh. The real sufferers will be we citizens stuck with all the various consequences.

    • by Wildclaw ( 15718 )

      How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      You mean the savings ceiling? Because in the real world, one mans debt is another mans savings.

      As for your request to raise your personal debt ceiling. Unfortunately you are not eligible as your lack of ability to issue US dollars at will makes you unsuitable for the task of backing others savings.

      And please stop comparing the currency issuer to a private household when it comes down to economics, because it is like comparing apples and oranges. Some things work the same, and some things work completely dif

    • Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....
      • by gavron ( 1300111 )

        > Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

        We're talking about whether it's "suffering" on the part of the government and its contractors from the attacks... or being incompetent.

        I suppose if all you have is inability to understand simple sentences in your toolbox....[sic] http://en.wikipedia.org/wiki/Ellipsis [wikipedia.org]

        E

    • How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

      This is just an illustration of how stupid the "debt ceiling" concept is. You agreed to a mortgage with a payment schedule, and now a payment has come due. You didn't set a "debt ceiling" that requires you to get special permission from yourself to actually pay the bill, because... that would be stupid. You explicitly agreed you were going to pay the bill when you made the mortgage.

      Mostly, arguments of the form "the g

  • by TubeSteak ( 669689 ) on Thursday July 14, 2011 @06:20PM (#36769854) Journal

    Dear LulzSec & Anonymous

    Please continue making headlines with your infodumps from .gov, .mil, and contractor websites.
    It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments.
    Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

    Thank You,
    Joe Q. Public

    • They might not fix it, but at least their brother/cousin/nephew or biggest campaign contributor will at least get a fat multi-billion dollar contract to "try" and fix it.
    • by slick7 ( 1703596 )

      Dear LulzSec & Anonymous

      Please continue making headlines with your infodumps from .gov, .mil, and contractor websites. It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments. Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

      Thank You, Joe Q. Public

      Naah, we got Manning, Assange and McKinnon; we'll make them pay for the gross stupidity of government contractors, if fact, we'll give the contractor a ten year no-bid renewal.
      Remember the government motto: No good deed goes unpunished and no fuck-up goes un-rewarded. You got to fuck-up to move up.

  • Who does these headlines? When something is lost, you do not have it any more.

    Did the DoD really lose the files?

    Or did they simply let some unauthorized someone(s) get a copy of said files?

    • The article says it was a case of "theft" and that the files were "stolen", so no, they probably don't have them anymore. Right?
  • by Unkyjar ( 1148699 ) on Thursday July 14, 2011 @09:16PM (#36771226)

    why are these machines even connected to the net?

    • by c++0xFF ( 1758032 ) on Thursday July 14, 2011 @11:58PM (#36772042)

      They were connected because the information on them is unclassified. Yeah, they might prefer that the files wouldn't be disclosed to attackers, but in the end, the information isn't super secret. The convenience of the internet (easy collaboration with other engineers around the country, being able to use people that don't have a security clearance, or saving on the cost of a separate computer network) outweighs the risk in this case.

      Believe it or not, the most blindingly obvious step in securing classified data (putting it on a separate network that's unconnected to the internet, a concept that I came up with before I was 10 years old and I'm sure I wasn't the youngest) has already been taken. It's a good thing, too ... computer security is hard, and you don't want to take that risk with anything that poses a threat to national security.

      • That was a calm, clear, concise and well thought out answer to my question. Thank you.

        What in the world are you doing on slashdot?

    • by Nyder ( 754090 )

      why are these machines even connected to the net?

      because the net is where the porn is.

  • Serious part

    They "lost" 24K files? You mean the attackers deleted and them and they didn't have backups?

    Not-really-serious part (but wait, or is it?)

    "Theft"? So the attacker has the files and the owners of the files don't have them anymore? Because that's what it means to steal a car or a diamond or cash.

    Really, since they didn't do any of these things, shouldn't we say that these attackers "illegally copied" the documents and/or the information?

    And are they really "intruders" or "attackers"? May

  • Well that's what the gov't gets when they leave SONY in charge of security.
  • No problem, it's the Defense Department. They can just hire another contractor, some fishy little sub-division of Lockheed or Raytheon who in turn hire other people to do the actual work. Their job is to link any incoming attacks to a geo IP database (easy, just steal some GPL'ed one) and automatically launch ICBMs against the threat.

    It would be a waste of money to arm them with nukes, though. Cluster bombs or chemical weapons should suffice. Or, hey, how about this gay bomb? Is it still under development?

  • They wouldn't have lost the files when they were taken.
    Badum-bump
    I'm here all week, have the steak!

Let's organize this thing and take all the fun out of it.

Working...