DoD responds to elderly worm by yanking removable media
By Angela Gunn | Published November 24, 2008, 4:29 PM
The Department of Defense has allegedly responded to an infection by a variant of the elderly W32.Silly worm by banning the use of removable media -- thumb drives, flash memory cards for cameras, and all.
SillyFDC, to give it perhaps more attention than it's worth, installs itself in the Windows registry and watches for removable storage to infect, copying itself to "Lcass.exe" and dropping a file called "autorun.inf" on the removable drive. The version affecting Armed Forces machines, however, is rumored to be a variant of Agent-EMB, which also installs itself in the registry but has no particular interest in removable drives -- a hint that SillyFDC might merely be the delivery device, not the true problem.
But SillyFDC's not really the problem in any case -- just the pebble that sets off a long-overdue avalanche.
A memo dated November 15 from Strategic Command (USSTRATCOM) directs all hands that "effective immediately, the use of memory sticks, thumb drives and camera flash memory cards is suspended in DoD NIPRNet systems." (NIPRNet is the network used for sensitive-but-unclassified communications, and as a gateway to the larger public Internet; it superseded MILNET back in the '90s.) According to information first received by Wired, the ban also applies to SIPRNet (Secret Internet Protocol Router Network), the network handling classified materials.
The memo notes that over time, Defense hasn't been able to keep up with the attack surface provided by removable media, and that "only through a layered defense of training, technology, procedures and personal recognizance can we regain the high ground."
Not currently on the high ground? And how. W32.Silly may be a relatively harmless little pest -- it's mainly designed to replicate itself, even if it can be (and maybe has been) reworked to carry payloads. But reports of rampant removable-media disappearances have been enough to send chills down the spine, especially when -- as is the case in the bazaars just outside the US military base and airfield in Bagram, Afghanistan -- it just keeps happening, after years of containment effort.
The memo acknowledges that the new directive is going to be a piece of misery for those affected, saying, "Adhering to this policy and enforcement of these standards will be challenging. However, the cost of ignoring is even greater and will continue to put our networks and warfighters at risk."
Many field operations use thumb drives and the like, since conditions in difficult areas provide minimal access to networks -- and since computers can be stolen too.
Since such drives are crucial in those circumstances, it's believed that the DoD is working out the details of a plan to scan, certify, and upgrade protections on a limited number of removable devices. GI Joe, however, will not be getting his nerd stick -- and maybe, the right to update his iPod -- back for the foreseeable future.
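The removable-drive behaviour described earlier (an "autorun.inf" dropped next to a copy named "Lcass.exe") can be triaged on a suspect drive by listing what its autorun.inf asks Windows to launch. This is an added example, not part of the original article: the function names and the sample file contents are constructed, and that the dropped autorun.inf points at Lcass.exe is an assumption.

```python
import os
import re

# Keys in an [autorun] section that name a program for Windows to start.
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\=]+\\command", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:            # lines without "=" are skipped
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if LAUNCH_KEY.fullmatch(key) and value:
                entries.append((key.lower(), value))
    return entries

def flag_autorun(text):
    """Return launch commands that reference an executable or script file."""
    return [cmd for _, cmd in launch_entries(text) if EXECUTABLE.search(cmd)]

def scan_root(root):
    """Flag launch commands in <root>/autorun.inf; a missing file yields []."""
    try:
        with open(os.path.join(root, "autorun.inf"), encoding="latin-1") as fh:
            return flag_autorun(fh.read())
    except OSError:
        return []

# Constructed sample contents (assumption: the dropped file launches Lcass.exe).
SAMPLE = """\
; constructed sample for illustration
[AutoRun]
open=Lcass.exe
shell\\open\\command=Lcass.exe
label=USB DISK
icon=folder.ico
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(flag_autorun(SAMPLE))
```

Legitimate installers also ship an autorun.inf with an `open=` line, so a hit is a prompt to inspect the referenced file, not a verdict.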
Guess I'm gonna have a lot of thumb drives........
Score: 0
She said "yanking".... ;-)
Score: 0
Sounds like a decent plan. There are entire software suites devoted to locking down removable ports, and this example is why.
Score: 0
They are banning everything, including CDs? It's no wonder the war was lost to begin with.
Score: 0
@artfuldodga
CDs aren't banned, nor are USB hard drives purchased by DoD agencies for DoD operations, apparently, as I was advised at work today.
Score: 0
Lost.. wow, I guess you haven't been watching the news.... LOL, CDs are the reason? WOW
Score: 0
Hi cwfrizzell! My understanding is that the DoD is currently working out plans for those purchased USB drives, and that the ban covers any writable, removable media (so not so much the CDs, unless there's some provision tucked away in a subsequent memo re writeables?) -- but that there remains some concern over even authorized thumb drives walking out the door and into, for instance, the bazaars of Bagram. Curious to hear if that meshes with what you were told today -- and if anyone you know has brought up the iPod/phone problem (since those devices can be used for storage, and can be attached to a computer). Was pondering all my USB-dependent devices as I set to writing this today, and frankly I'd find kicking the habit rather more than "challenging" -- good luck to all y'all with that.
Score: 0
IIRC CD-Burners were referred to as WORM drives in ye olden days ;)
WORM = write once read many..
Score: 0
It is currently for all "flash" based media that is used via USB. It has always been against the rules to hook up your own personal device. The DoD can confiscate anything that is hooked up to their network including your precious iPhone.
What I find ironic is that portable USB hard drives are not part of the ban. As far as the computer is concerned, flash drive and external hard drive are essentially the same thing.
Currently, we have switched to using CDRW media at the moment. It is a bit more of a hassle, but it allows us to get the work done.
Score: 0