A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week.
The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows, said Dennis Clem, OSD's chief information officer.
During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder.
"This was a very bad day," said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. "We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries."
Clem didn't give any indication that the source of the attack was identified, nor did he provide details about what data was accessed. He noted that the network used by the office of John Grimes, Defense CIO and assistant secretary of networks and information infrastructure, is maintained separately, and therefore was not compromised.
The portion of the network infrastructure under assault was shut down soon after the attack was detected. Recovery, which took three weeks and cost $4 million, involved the introduction of a new process of "checking out" temporary IDs and passwords for access to the network, stricter requirements about the use of common access cards for identity verification, and introduction of digital signatures to ensure that information comes from a valid source.
"It made a big difference" in securing the OSD network, which currently gets 70,000 malicious attempts at access a day, Clem said.
"This was something that [I thought] would never happen to me," he said. "Boy, was I wrong…. They're working hard, these people, and they're after us all the time... . If you don't know your network, and you're more of a policy CIO, you may find yourself in trouble."