So if you are the chief Bad Guy - Dr. Evil, head of an unfriendly government's Intelligence Service - how to you hack the Fed.Gov classified network? Give people interesting poisoned bait - an interesting or funny video that contains embedded malware that runs when the video is watched. They'll want it, because it's interesting. They'll download it from the Red network (Al Gore's Intarwebz) and take it onto the Black network, where it will spread.Three years later, details of the whole situation are coming out, in a very good article in the Washington Post:
And now your spy comes into the picture. All he has to do is pick up the classified data that's been harvested by the malware botnet army that has infested the Black network. Of course there's risk, because he does indeed have to get past the armed Marine guards, but there is a long history of this sort of thing happening.
The risk to the Bad Guy was in gathering the collected material, which was the obvious (to me, at any rate) place to look for an intrusion.
One likely scenario is that an American soldier, official or contractor in Afghanistan — where the largest number of infections occurred — went to an Internet cafe, used a thumb drive in an infected computer and then inserted the drive in a classified machine. “We knew fairly confidently that the mechanism had been somebody going to a kiosk and doing something they shouldn’t have as opposed to somebody who had been able to get inside the network,” one former official said.
Once a computer became infected, any thumb drive used on the machine acquired a copy of Agent.btz, ready for propagation to other computers, like bees carrying pollen from flower to flower. But to steal content, the malware had to communicate with a master computer for instructions on what files to remove and how to transmit them.
These signals, or beacons, were first spotted by a young analyst in the NSA’s Advanced Networks Operations (ANO) team, a group of mostly 20- and 30-something computing experts assembled in 2006 to hunt for suspicious activity on the government’s secure networks.
It's a very interesting story of cyber cat and mouse, although the Wikileaks analogy doesn't have a place in it (that was espionage by a human actor, not malware). RTWT, both my original post and the WaPo story.
Yep, inherent shortcuts by people tend to be 90% of the problem... sigh
ReplyDelete"inherent shortcuts by people tend to be 90% of the problem..."
ReplyDeleteYep. 100% of the time.
I wonder how the Iranians downed the drone flying over their territory didn't they have a small problem at drone HQ recently that wasn't a problem apparently.
ReplyDeleteAs you can stop USB devices being used on a PC/laptop why wasn't that done?
knottedprop, I don't know if the malware on the drone control computers is related to this, or the lack of encryption on the drone links. Just don't know enough to speculate.
ReplyDelete