Wednesday, March 05, 2008

U.S. Defense Officials Still Concerned About Data Lost in 2007 Network Attack

Jill R. Aitoro writes on GovExec:

A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week.

The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows, said Dennis Clem, OSD's chief information officer.

During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder.

"This was a very bad day," said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. "We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries."

More here.

Hat-tip: dissent

0 Comments:

Post a Comment

<< Home