Defense officials still concerned about data lost in 2007 network attack
A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week.
The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows, said Dennis Clem, OSD's chief information officer.
During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder.
"This was a very bad day," said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. "We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries."
Clem didn't give any indication that the source of the attack was identified, nor did he provide details about what data was accessed. He noted that the network used by the office of John Grimes, Defense CIO and assistant secretary of networks and information infrastructure, is maintained separately, and therefore was not compromised.
The portion of the network infrastructure under assault was shut down soon after the attack was detected. Recovery, which took three weeks and cost $4 million, involved the introduction of a new process of "checking out" temporary IDs and passwords for access to the network, stricter requirements about the use of common access cards for identity verification, and introduction of digital signatures to ensure that information comes from a valid source.
"It made a big difference" in securing the OSD network, which currently gets 70,000 malicious attempts at access a day, Clem said.
"This was something that [I thought] would never happen to me," he said. "Boy, was I wrong.... They're working hard, these people, and they're after us all the time.... If you don't know your network, and you're more of a policy CIO, you may find yourself in trouble."
COMMENTS
- One would think that with all the money the US gov is pouring into defense, they would at least stay away from Microsoft, and make all the software dealing with public internet access all proprietary and in-house built. Using Microsoft is like putting a trojan horse on your network. HarrierJoe Posted March 13, 2008 8:06 AM
- I agree with Phil. Problems like this come from the top and almost always have something to do with money or power or lack of same. Bush is like an evil combination of Jed Clampett, Jethro Bodine, Milburn Drysdale. I've been in the security business for so long that I don't think a new administration is going to make things much better, but I remain ever the optimist. Orr Posted March 10, 2008 1:19 PM
- You'd figure the Pentagon would disallow anything but plain ASCII text in email. But then again with all the cameras on the Pentagon on 911 all we see is a little white streak. I can't wait until Bush is gone, and we can finally start to clean up the mess. Phil Posted March 9, 2008 5:56 AM