By Jill R. Aitoro
March 5, 2008
A June 2007 network intrusion at the Pentagon resulted in the theft of
an "amazing amount" of data, and the incident remains a national
security concern, a top Defense Department technology official said this
The Office of the Secretary of Defense detected malicious code in
various portions of its network infrastructure while consolidating
information technology resources in the middle of last year. Over the
course of two months, the code infiltrated multiple systems, culminating
in an intrusion that created havoc by exploiting a vulnerability in
Microsoft Windows, said Dennis Clem, OSD's chief information officer.
During the attack, spoofed e-mails containing recognizable names were
sent to OSD employees. When they opened the messages, user IDs and
passwords that unlocked the entire network were stolen; as a result,
sensitive data housed on Defense systems was accessed, copied and sent
back to the intruder.
"This was a very bad day," said Clem during a panel discussion at the
Information Processing Interagency Conference  Tuesday. The breach
continues to pose a threat, he added. "We don't know when they'll use
the information they stole, [which was] an amazing amount, [including]
processes and procedures that will be valuable to adversaries."
Clem didn't give any indication that the source of the attack was
identified, nor did he provide details about what data was accessed. He
noted that the network used by the office of John Grimes, Defense CIO
and assistant secretary of networks and information infrastructure, is
maintained separately, and therefore was not compromised.
The portion of the network infrastructure under assault was shut down
soon after the attack was detected. Recovery, which took three weeks and
cost $4 million, involved the introduction of a new process of "checking
out" temporary IDs and passwords for access to the network, stricter
requirements about the use of common access cards for identity
verification, and introduction of digital signatures to ensure that
information comes from a valid source.
"It made a big difference" in securing the OSD network, which currently
gets 70,000 malicious attempts at access a day, Clem said.
"This was something that [I thought] would never happen to me," he said.
"Boy, was I wrong.... They're working hard, these people, and they're
after us all the time... . If you don't know your network, and you're
more of a policy CIO, you may find yourself in trouble."
Subscribe to InfoSec News