
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Time To Check For The Reds Under Your Bed

Reporting on a recent set of compromises to US military systems in Afghanistan has identified different attackers, depending on who you listen to.

On the one hand we have the attacks being tenuously linked to attackers based in Russia, and on the other we have the attacks being tenuously linked to attackers based in China. Aside from the poor light it casts on the military (not being able to determine even roughly who is behind a network attack), it suggests that the bad old days of the cold war haven't really gone away. If anything, the location for confrontation has shifted into information systems and away from the proxy wars and the world's oceans.

Whether that is still the case is a topic for another time. It certainly wouldn't hurt some military planners and leaders to have a well-defined set of enemies again, nation states instead of the stateless bodies that are the current enemy-du-jour. With this in mind it doesn't take too much to see this as being something that is a lot less than is being claimed by the military. Certainly, the network compromises are embarrassing and potentially risky for national security, but there may be too much being read into why the attacks have taken place.

It is highly likely that whoever is carrying out these attacks is using resources in Russia and China to achieve their goals, which is why the attacker appears to be coming from two places at once. It is also highly likely that the attacks have been opportunistic rather than purely the result of targeted attacks. Targeted attacks are more likely to show up as 0-day infections, such as the various Office vulnerabilities that have been used over the years to compromise government networks.

Sure, it might be possible that a targeted attack against military systems was carried out using an AUTORUN infector that is not leading edge and which had no guarantee of ever making it onto the military systems (social engineering notwithstanding), but it is more likely that a targeted attack isn't going to be this obvious. If you are a conspiracy nut, then perhaps it is being used as misdirection while the real targeted attack is taking place through other channels...

There are plenty of people in Information Security who dismiss the concept of each device on a network having its own protection against other devices, but it is a key part of a full defense in depth approach to security. In cases like this, effective defences between systems on the same network segment would have limited the ability of the malware to spread and take hold within the military networks.

29 November 2008
