DoD Lost 24k Files In Attack On Contractor

Trailrunner7 writes with this news from ThreatPost: "A targeted attack on a defense contractor in March of this year resulted in the theft of 24,000 files by an unknown attacker, according to Defense Department officials. The attack, which officials say was the work of a foreign government, would represent one of the more serious known attacks on the department and its contractors. In a speech Thursday in which he unveiled the Department of Defense Strategy for Operating in Cyberspace, William J. Lynn, deputy defense secretary, said that the attack was just one of thousands such intrusions that the government and its contractors suffer every year."

Re:

[Forty Two Tenfold]

Kinda reminds me of "I accidentally 93MB of .rar files. what should I dois this dangerous ?"

24K Files

[Synerg1y]

Coming to a torrent near you.

Re:

[Luckyo]

Not damn likely. These thefts are usually paid-for jobs, done for a client. And clients for such operations are usually ones who want the information for themselves.

Re:

[oztiks]

That or China. My money is on China.

Re:

[Luckyo]

IF you think China is the only one with interest or capability, you're living in a bubble. A list of countries interested in US defense contractor inside information starts in the Western Europe and Latin America, and ends in Japan. Of these, most have the capability to either pay private criminal organisations to do the job, and several have capability and agencies to do the job themselves (i.e. GB, France, Germany, Russia, Australia, Japan, China, India...).

Just because some countries are painted as more

Re:

[oztiks]

Point taken, maybe not China's style. IF anything China's main focus is on commercial gain via legitimate markets, illegitimately.

would be interesting

[datorum]

if suffer also implies that the attacker were successful or was it the only one that was successful?

That's a lot of files

[liquidweaver]

I don't know how that did it. My cabinet has probably 150 files at best, and it weighs about 70 lbs. They must have used a really big truck and been awfully quick about it. Sounds like a team that specialized in file organization in the past - a rogue librarian thief ring!

Re:

[blair1q]

It's the Defense Department. They were all on microfiche.

Whoa! That's a lot of filez!

[Anonymous Coward]

Oh, wait. My laptop has 148k files. You mean to tell me that the DOD hasn't lost a single laptop before? And none have been hoovered??? Damn, they've got better security than we give them credit for!

Re:

[dokc]

If you have 148k files on your laptop, that means that you have a fresh Windows installation.

They don't "suffer" from attacks.

[gavron]

> the attack was just one of thousands such intrusions that the government and its contractors suffer every year

No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

E

Re:

[the eric conspiracy]

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

What you really want is for the Federal Reserve to buy 0% interest 30 year bonds that you issue.

Re:

[Fuzzums]

> the attack was just one of thousands such intrusions that the government and its contractors suffer every year

No, the government and its contractors suffer from incompetence, a lack of encryption, authentication, and data handling procedures. They suffer from violations of their own process. "Here, take this database, decrypt it and email it to our vendor." They suffer from upper management promoted on rank and time served, not competence.

The intrusions aren't what they suffer... they are a direct consequence of the incompetence our government shows daily.

A kind of competence many governments show these days :(

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

E

You want MORE debt? Sounds like a subprime mortgage for governments :s

Re:

[digitalaudiorock]

I can't help wondering if this was related to the RSA SecureID breach(??): http://yro.slashdot.org/story/11/06/07/129217/RSA-Admits-SecurID-Tokens-Have-Been-Compromised [slashdot.org] The timing is about right.

Re:

[sdguero]

Your post made me feel sad.

Re:

[kermidge]

Yeah, and in the meanwhile Lulzsec, et alia, get the (FUD, hype) press whilst our solons enact yet more Draconian edicts. Sheesh. The real sufferers will be we citizens stuck with all the various consequences.

Re:

[freudigst]

You just figured that out? Uh, would you like to go to war for me, er, I mean the U.S.?

Re:

[Wildclaw]

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

You mean the savings ceiling? Because in the real world, one mans debt is another mans savings.

As for your request to raise your personal debt ceiling. Unfortunately you are not eligible as your lack of ability to issue US dollars at will makes you unsuitable for the task of backing others savings.

And please stop comparing the currency issuer to a private household when it comes down to economics, because it is like comparing apples and oranges. Some things work the same, and some things work completely dif

Re:

[wolfemi1]

Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

Re:

[gavron]

> Wow, so an attack on a private contractor working for the government is a result of government incompetence? I suppose if all you have is the hammer of government blame in your toolbox....

We're talking about whether it's "suffering" on the part of the government and its contractors from the attacks... or being incompetent.

I suppose if all you have is inability to understand simple sentences in your toolbox....[sic] http://en.wikipedia.org/wiki/Ellipsis [wikipedia.org]

E

On that last comment

[sean.peters]

How's that debt ceiling coming? I'd like to have mine raised. The mortgage is due tomorrow.

This is just an illustration of how stupid the "debt ceiling" concept is. You agreed to a mortgage with a payment schedule, and now a payment has come due. You didn't set a "debt ceiling" that requires you to get special permission from yourself to actually pay the bill, because... that would be stupid. You explicitly agreed you were going to pay the bill when you made the mortgage.

Mostly, arguments of the form "the g

Dear LulzSec & Anonymous

[TubeSteak]

Dear LulzSec & Anonymous

Please continue making headlines with your infodumps from .gov, .mil, and contractor websites.
It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments.
Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

Thank You,
Joe Q. Public

Re:

[todrules]

They might not fix it, but at least their brother/cousin/nephew or biggest campaign contributor will at least get a fat multi-billion dollar contract to "try" and fix it.

Re:

[slick7]

Dear LulzSec & Anonymous

Please continue making headlines with your infodumps from .gov, .mil, and contractor websites. It's not like you're doing much damage, considering the terabytes being siphoned off by foreign governments. Maybe if there's a bright enough spotlight shone onto the problem, the government will finally get around to fixing it.

Thank You, Joe Q. Public

Naah, we got Manning, Assange and McKinnon; we'll make them pay for the gross stupidity of government contractors, if fact, we'll give the contractor a ten year no-bid renewal.
Remember the government motto: No good deed goes unpunished and no fuck-up goes un-rewarded. You got to fuck-up to move up.

Seriously, lost files?

[sylvandb]

Who does these headlines? When something is lost, you do not have it any more.

Did the DoD really lose the files?

Or did they simply let some unauthorized someone(s) get a copy of said files?

Re:

[beowulfcluster]

The article says it was a case of "theft" and that the files were "stolen", so no, they probably don't have them anymore. Right?

I'm trying to figure out...

[Unkyjar]

why are these machines even connected to the net?

Re:I'm trying to figure out...

[c++0xFF]

They were connected because the information on them is unclassified. Yeah, they might prefer that the files wouldn't be disclosed to attackers, but in the end, the information isn't super secret. The convenience of the internet (easy collaboration with other engineers around the country, being able to use people that don't have a security clearance, or saving on the cost of a separate computer network) outweighs the risk in this case.

Believe it or not, the most blindingly obvious step in securing classified data (putting it on a separate network that's unconnected to the internet, a concept that I came up with before I was 10 years old and I'm sure I wasn't the youngest) has already been taken. It's a good thing, too ... computer security is hard, and you don't want to take that risk with anything that poses a threat to national security.

Re:

[Unkyjar]

That was a calm, clear, concise and well thought out answer to my question. Thank you.

What in the world are you doing on slashdot?

Re:

[Nyder]

why are these machines even connected to the net?

because the net is where the porn is.

"lost files"? "theft"?

[nothings]

Serious part

They "lost" 24K files? You mean the attackers deleted and them and they didn't have backups?

Not-really-serious part (but wait, or is it?)

"Theft"? So the attacker has the files and the owners of the files don't have them anymore? Because that's what it means to steal a car or a diamond or cash.

Really, since they didn't do any of these things, shouldn't we say that these attackers "illegally copied" the documents and/or the information?

And are they really "intruders" or "attackers"? May

What did you expect?

[Zamphatta]

Well that's what the gov't gets when they leave SONY in charge of security.

No Problem

[aaaaaaargh!]

No problem, it's the Defense Department. They can just hire another contractor, some fishy little sub-division of Lockheed or Raytheon who in turn hire other people to do the actual work. Their job is to link any incoming attacks to a geo IP database (easy, just steal some GPL'ed one) and automatically launch ICBMs against the threat.

It would be a waste of money to arm them with nukes, though. Cluster bombs or chemical weapons should suffice. Or, hey, how about this gay bomb? Is it still under development?

If they had decent backup

[rikkards]

They wouldn't have lost the files when they were taken.
Badum-bump
I'm here all week, have the steak!