Computer Virus Hits U.S. Military Base in Afghanistan
U.S. military officials speculate the cyber attack may have originated in China
KABUL—The largest U.S. military base in Afghanistan was hit by a computer virus earlier this month that affected nearly three quarters of the computers on the base, U.S. News has learned.
This wasn't the first such cyberattack, and officials said that earlier incarnations of the virus had exported information such as convoy and troop movements here. It was not clear precisely what information, if any, was being pulled from Department of Defense computers by this latest virus, they said.
Officials familiar with the computer attack characterized it as extremely aggressive and said that it originated in China. However, they haven't been able to determine whether the viruses are part of a covert Chinese government effort or the work of private hackers.
U.S. military officials on the base took the step of prohibiting the use of portable flash memory, or "thumb drives," as they learned more about the virus. The move reflects the concern that the portable drives can inadvertently spread viruses through separate computer networks in the field. Late last week, Pentagon officials also banned the use of thumb drives because of concerns that they were spreading a virus through the Department of Defense computer networks.
U.S. military spokesmen at Bagram declined to comment, citing operational security.
But privately, U.S. military officials express grave concerns. The Chinese "learn a lot from these attacks," says one U.S. military intelligence official. "Like how our logistics and other systems work."
Reader Comments
Linux
is the way to go, you guys.
Why are we running Windows?
Is the US military seriously running a Windows Server-based network? I would expect some variant of Unix/Linux (at least on the servers). An entire *nix-based network would be more appropriate. Aside from our choice of OS, no firewall/default passwords? WTF are they thinking?
Yeah ... US Defense computer security
Perhaps some of you have caught on to the story of the British computer nerd Gary Simmons (see http://en.wikipedia.org/wiki/Gary_McKinnon) who obtained unauthorised access to loads of US defense and NASA computers.
To quote from the Wikipedia article:
"In an interview televised on the BBC's Click programme, he claimed that he was able to break into the military's networks simply by using a Perl script that searched for blank passwords; in other words his report suggests that there were computers on these networks with the default passwords active."
Got that? He broke in by using *blank* passwords and *default* passwords (the sort that manufacturers put on their systems before they ship them to customers). And those computers weren't even firewalled! If you thought that this amounts to a total lack (not poor implementation of, a total lack of) computer security, you would be right. It would disgrace the security of Wal-Mart's computer systems. For a defense establishment, anything like this is shoddy and irresponsible beyond belief.
Having an extensive computer network is no excuse, especially because of US policy to *trust* all computers in its own network. Which means that if you find just one single machine that's not adequately guarded, you are then able (to a certain extent) to work "from the inside".
I'm afraid that we're talking about the same military here, but just another branch. Somehow I can't bring myself to believe that this time round it discharged anything like "due diligence" or "reasonable care" in protecting its computer networks. It's all very well to run around in a panic, declare INFOCON, and brief the president, but exactly whose fault is this?
If a 19-year-old kid can break into your systems, can you really be surprised that foreign intelligence services are apparently able to replicate this? It looks not so much like a disastrously efficient attack on US defense computer networks as poor design and worse implementation of computer security concepts. After all ... if you have an Army base with a gate but no fence, and one or more back doors unlocked, or locked with standard keys that anyone can buy around the corner, can you really be surprised if you get burglars?
And can you call it burgling if you get unauthorised entry through a backdoor which is not locked? I don't.
I just thought I should say this.