[Itpolicy-np] Deputy Defense Sec’y William Lynn Declassifies the 2008 USB Incident
Bipin Gautam
bipin.gautam at gmail.com
Thu Sep 2 03:58:30 GMT 2010
In 2010, 25 percent of new worms spread through USB storage devices
connected to computers, according to PandaLabs.
http://www.net-security.org/malware_news.php?id=1444
These types of threats can copy themselves to any device capable of
storing information such as cell phones, external hard drives, DVDs,
flash memories and MP3/4 players.
...
Mitigating LNK exploit via "software restriction policy"
http://blog.didierstevens.com/2010/07/20/mitigating-lnk-exploitation-with-srp/
...
DEMO:
Simple ref: http://web.archive.org/web/20071016230748/http://irongeek.com/i.php?page=videos/creating-an-auto-hack-usb-drive-using-autorun-and-batch-files
OSINT, U3 USB Drive (2007): Hack U3 USB Smart Drive to Become Ultimate Hack Tool
http://www.raymond.cc/blog/archives/2007/11/23/hack-u3-usb-smart-drive-to-become-ultimate-hack-tool/
The News:
(Unclassified Report)
http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain
However, one has to register to read the full article.
_________________________________________________________________
(SOURCE): http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406154_pf.html
In an article to be published Wednesday discussing the Pentagon's
cyberstrategy, Deputy Defense Secretary William J. Lynn III says
malicious code placed on the drive by a foreign intelligence agency
uploaded itself onto a network run by the U.S. military's Central
Command.
"That code spread undetected on both classified and unclassified
systems, establishing what amounted to a digital beachhead, from which
data could be transferred to servers under foreign control," he says
in the Foreign Affairs article.
It was a network administrator's worst fear: a rogue program operating
silently, poised to deliver operational plans into the hands of an
unknown adversary.
Lynn's decision to declassify an incident that Defense officials had
kept secret reflects the Pentagon's desire to raise congressional and
public concern over the threats facing U.S. computer systems, experts
said.
Much of what Lynn writes in Foreign Affairs has been said before: that
the Pentagon's 15,000 networks and 7 million computing devices are
being probed thousands of times daily; that cyberwar is asymmetric;
and that traditional Cold War deterrence models of assured retaliation
do not apply to cyberspace, where it is difficult to identify the
instigator of an attack.
But he also presents new details about the Defense Department's
cyberstrategy, including the development of ways to find intruders
inside the network. That is part of what is called "active defense."
Counterfeit hardware has been detected in systems that the Pentagon
has bought. Such hardware could expose the network to manipulation
from adversaries.
He puts the Homeland Security Department on notice that although it
has the "lead" in protecting the dot.gov and dot.com domains, the
Pentagon - which includes the ultra-secret National Security Agency -
should support efforts to protect critical industry networks.
...