BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. The full article from BusinessWeek is here.
The article goes on to state the U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years. "It's espionage on a massive scale," says Paul Kurtz, a former high-ranking national security official.
Now, of course, my question is: how did such widespread intrusions become possible? BusinessWeek has this to say (note my emphasis below):
The government has yet to disclose the breaches related to Byzantine Foothold. BusinessWeek has learned that intruders managed to worm into the State Dept.'s highly sensitive Bureau of Intelligence & Research, a key channel between the work of intelligence agencies and the rest of the government. The breach posed a risk to CIA operatives in embassies around the globe, say several network security specialists familiar with the effort to cope with what became seen as an internal crisis. Teams worked around the clock in search of malware, they say, calling the White House regularly with updates.
The attack began in May, 2006, when an unwitting employee in the State Dept.'s East Asia Pacific region clicked on an attachment in a seemingly authentic e-mail. Malicious code was embedded in the Word document, a congressional speech, and opened a Trojan "back door" for the code's creators to peer inside the State Dept.'s innermost networks. Soon, cyber security engineers began spotting more intrusions in State Dept. computers across the globe.
The malware took advantage of previously unknown vulnerabilities in the Microsoft operating system. Unable to develop a patch quickly enough, engineers watched helplessly as streams of State Dept. data slipped through the back door and into the Internet ether. [my emphasis]
Although they were unable to fix the vulnerability, specialists came up with a temporary scheme to block further infections. They also yanked connections to the Internet.
The malware used by the attackers took advantage of previously unknown vulnerabilities (important: this word is plural) for which patches were not yet available. So the world's one and only superpower is potentially laid bare because of a defect that went undetected by the manufacturer before its product was released into the global stream of commerce?!?
The world's one and only superpower also just happens to be the world's one and only super-crash test dummy (a reference to Geekonomics, which states that software buyers are crash test dummies for software manufacturers: we "crash" so the manufacturer knows what to fix).
More from BusinessWeek:
Adding to Washington's anxiety, current and former U.S. government officials say many of the new attackers are trained professionals backed by foreign governments. "The new breed of threat that has evolved is nation-state-sponsored stuff," says Amit Yoran, a former director of Homeland Security's National Cyber Security Div. Adds one of the nation's most senior military officers: "We've got to figure out how to get at it before our regrets exceed our ability to react."
I would suggest this: reduce the supply of vulnerabilities. Software exploits do not exist in a vacuum. A software exploit requires a corresponding software vulnerability. Attackers do not "break" software. The software comes already broken from the manufacturer. As such, attackers merely discover the defect, not create it. The attacker's "sophistication" derives from the direct incentive to do what the manufacturer had no (or very little) incentive to do: find the defect first.
Remove, or drastically disincentivize, the production of insecure software by software manufacturers, and our ability to react might just foreclose our regrets.