Friday, December 16, 2011

What the Pentagon SHOULD Spend Money On

Devastating.

In this report WIRED revisits the 2008 incident that resulted in a ‘complete’ ban on the use of portable USB drives on military (NIPRnet and SIPRnet) networks, after a USB-borne trojan horse began compromising the classified networks. At the time we recall DoD spokespeople saying “no classified material was compromised” but in reality-land when your network has unknown installations of spreading malware, you are not entitled to make statements about what is or is not compromised. The assumption is that no data was exfiltrated because if data were exfiltrated it would have had to go out through an isolated “air gap” connection — exactly the kind of connection that Bradley Manning exfiltrated data from. In the world of computer security, being compromised is similar to being pregnant; there is no such thing as “a little compromised.

So the Iranians (or their allies--PRC, anyone?) aren't really brilliant IT engineering gurus.

The Pentagon, however, is dumber than a box of rocks.  There are 300,000 people who can access the DoD network.  THREE HUNDRED THOUSAND.  And once in, they can go anywhere they want.

Far more at the link.

No comments: