
(The Atlantic Wire) Fail: The malware infecting the U.S. Predator drone was planted by the Mafia. Wait, what's that? I'm getting new information in my earpiece. Correction, it came from "Mafia Wars" (theatlanticwire.com)

6434 clicks; posted to Geek on 13 Oct 2011 at 6:44 PM



41 Comments

Archived thread
 
2011-10-13 04:37:04 PM
Wasn't this the plot of Space: Above and Beyond?
 
2011-10-13 04:55:54 PM
3.forumer.com

"You've uh . . . . got a nice army base here, Colonel."
 
2011-10-13 06:02:26 PM
The way Zynga prostituted their players for the first 2 years, this is not a shock. But if it got you RP's, that is all that matters.
 
2011-10-13 06:44:29 PM
I still don't know why the DoD allows Facebook on their networks... It is a farking time waster.

/as long as they don't take away fark.com
 
2011-10-13 06:46:25 PM
Well, that's just silly. Predator drones don't have Facebook accounts. And all of those neat Air Force commercials show that those men are much too smart and trained to do something patently idiotic like program a war machine ON A COMPUTER USED TO PLAY A GAME ON FARKING FACEBOOK.
 
2011-10-13 06:50:09 PM
"Mary Smith is bombing Al Qaeda's #2 and needs you to send her a Hellfire Missile gift."
 
2011-10-13 06:53:00 PM
Would you like to redeem your rewardville points?
 
2011-10-13 06:55:31 PM
It's not FROM Mafia wars, it's designed FOR Mafia Wars.
 
2011-10-13 06:59:04 PM
TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.
 
2011-10-13 07:00:42 PM
Fish in a Barrel: When I was back at Boeing, a program got shut down for a week after one of their servers was accidentally plugged into the unsecured network.

FTFM
 
2011-10-13 07:08:42 PM
Barakku: It's not FROM Mafia wars, it's designed FOR Mafia Wars.

You'd think Zynga would try to get out in front of this and try to put a lid on it. You've got a few dozen high profile articles making the social rounds basically saying that Mafia Wars gave the US Military a virus. And even if that's not what they're actually saying, that's what people are telling each other.

That's no good, dog.
 
2011-10-13 07:14:29 PM
Fish in a Barrel: TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.


"Almost certainly" yes certainly. They're banned from many WORKPLACES let alone military installations. Someone was breaking the rules and this is exactly why that policy is in place.
 
2011-10-13 07:14:34 PM
I figured that they would find LimeWire or Kazaa on someone's work station.
 
2011-10-13 07:19:15 PM
I have a relative who works in a restricted part of the military and they don't even let him bring his cell phone into the office, much less bring in a personal drive and plug it in. Somebody effed up.
 
2011-10-13 07:21:02 PM
Fish in a Barrel: TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.


Regarding PS2 keyboards and mice, they make adapters for PS/2 ports, so you can use USB mice/etc. on devices without USB ports. I don't know if they do remove USB ports but they should; it's entirely possible to use a PC with only a mouse and keyboard, with a local network printer and designated machines to handle all scanning/etc. if the security level is warranted. Whether that's done or not I couldn't tell you, I work in an office so insecure our password "convention" would make any IT sec guy cry.
 
2011-10-13 07:27:33 PM
Smokey the Bare: I still don't know why the DoD allows Facebook on their networks... It is a farking time waster.

It used to be banned, but they opened it up when they "embraced social networking". I wish they would at least ban the chat function. Productivity would skyrocket.
 
2011-10-13 07:28:40 PM
Barakku: Fish in a Barrel: TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

Regarding PS2 keyboards and mice, they make adapters for PS/2 ports, so you can use USB mice/etc. on devices without USB ports. I don't know if they do remove USB ports but they should; it's entirely possible to use a PC with only a mouse and keyboard, with a local network printer and designated machines to handle all scanning/etc. if the security level is warranted. Whether that's done or not I couldn't tell you, I work in an office so insecure our password "convention" would make any IT sec guy cry.


I'm pretty sure they can disable the USB ports, but there are probably times that they need to use them so they don't. Where I work at the USB ports are disabled on all of the machines.
 
2011-10-13 07:29:06 PM
Fail is for subby and article writers. We knew it was a keylogger already. It wasn't from Mafia Wars, as the headline or the article title claim, but the same sort of keylogger that tries to get login data for those games.

Barakku: It's not FROM Mafia wars, it's designed FOR games like Mafia Wars.

FTFY

In modern gaming, they're made for any game that has got a login/password setup. Gold generators, free xp, as catchlines for just about every popular MMO. Some lower forms that are not a virus, per se, are like the recently farked Netflix fake app. Some are a simple web page interface made to mimic the appearance of a website. These things, in various forms, are quite literally everywhere.

The indication that this behaves like an actual virus, and is on a government system makes me think the following may not exactly be an honest mistake:
Fish in a Barrel: You don't plug a read/write device into a secure system unless it is a cleared device

Unless you've got something up your sleeve.

I still think it's a crappy (or maybe highly successful) attempt at espionage. You know if that's the case, they're going to play it off as malware we all know about all the time. Admit that it worked? lol, yeah right.
 
2011-10-13 07:30:39 PM
Barakku: Fish in a Barrel: TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

Regarding PS2 keyboards and mice, they make adapters for PS/2 ports, so you can use USB mice/etc. on devices without USB ports. I don't know if they do remove USB ports but they should; it's entirely possible to use a PC with only a mouse and keyboard, with a local network printer and designated machines to handle all scanning/etc. if the security level is warranted. Whether that's done or not I couldn't tell you, I work in an office so insecure our password "convention" would make any IT sec guy cry.


Is your password "12345"?
 
2011-10-13 07:33:34 PM
i.imgur.com
 
2011-10-13 08:05:07 PM
Fish in a Barrel: Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

Sure you can. Hot glue in all external ports and disable them in the secured BIOS then connect the peripherals to physically secure ports inside the locked case. Make it impossible to plug in their own devices without making a determined, undeniable effort to circumvent the physical security measures. Sure, they could cut one of those peripheral cables, splice in a hub, and connect their own devices but then you just dishonorably discharge them.
 
2011-10-13 08:31:33 PM
Fish in a Barrel: Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

and hot glue into the extra ports.
 
2011-10-13 08:35:07 PM
...banned portable hard drive...

Flogging is a fine military tradition. Can we resurrect it for soldiers who use unsecured storage devices on secure systems?
 
2011-10-13 09:06:27 PM
Amusing, since the most dedicated players of Mafia Wars, Castle Age, and...Farmville... I've run into online are veterans, primarily Marines. All strategy and teamwork : "Folks, I need to be gifted 6 fenceposts, on the double!"
 
2011-10-13 09:06:57 PM
bittermang: You'd think Zynga would try to get out in front of this and try to put a lid on it. You've got a few dozen high profile articles making the social rounds basically saying that Mafia Wars gave the US Military a virus. And even if that's not what they're actually saying, that's what people are telling each other.

I'm reading the new Neal Stephenson, which is about a computer virus which attacks players of a MMORPG and one of the first things he says is that media coverage of the attack INCREASES the number of players, so the company in the game has no interest in "getting out in front of the story".
 
2011-10-13 09:09:22 PM
ongbok: I figured that they would find LimeWire or Kazaa on someone's work station.

weatherbug
 
2011-10-13 09:52:38 PM
Weaver95: Wasn't this the plot of Space: Above and Beyond?

*deepthoughts.jpg*

I've watched SAAB several times through, but I'm not making the connection...
 
2011-10-13 10:55:42 PM
Wo wo wo, that's Italian-American Independent Businessmen Kinetic Military Operations to you, pal.
 
M-G
2011-10-13 10:59:56 PM
Why are they running the drone systems on Windows?
 
2011-10-14 12:09:01 AM
M-G: Why are they running the drone systems on Windows?

Because Windows developers are common as dirt and if you're not exposed to the outside world Windows' lackluster security really isn't much of an issue... until someone plugs in an infected external drive.
 
2011-10-14 01:15:08 AM
Man On Fire: Fish in a Barrel: Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

and hot glue into the extra ports.


Hot glue isn't that hard to remove. It just takes a bit of patience. You want Epoxy. That shiat will never come out.
 
2011-10-14 01:37:54 AM
A second MMORPG just hit the South Tower!
 
2011-10-14 05:45:17 AM
ongbok: Barakku: Fish in a Barrel: TFA: ...it came from a small, possibly banned portable hard drive...

Yep, figured it'd be that. And the drive was almost certainly verboten. You don't plug a read/write device into a secure system unless it is a cleared device, and cleared devices should never get plugged into insecure systems. When I was back at Boeing a program got shut down for a week after it was accidentally plugged into the unsecured network. They had to go over every log and every byte on the system and verify that nothing got in or out before they were allowed to start back up.

Like others have said, they need to remove the USB mass storage drivers from these machines. Probably can't physically remove the USB ports, though, unless they use PS2 keyboards and mice.

Regarding PS2 keyboards and mice, they make adapters for PS/2 ports, so you can use USB mice/etc. on devices without USB ports. I don't know if they do remove USB ports but they should; it's entirely possible to use a PC with only a mouse and keyboard, with a local network printer and designated machines to handle all scanning/etc. if the security level is warranted. Whether that's done or not I couldn't tell you, I work in an office so insecure our password "convention" would make any IT sec guy cry.

I'm pretty sure they can disable the USB ports, but there are probably times that they need to use them so they don't. Where I work at the USB ports are disabled on all of the machines.


You can disable removable mass storage devices with a registry hack. You can disable just USB mass storage devices if you want.

/ took about an hour to complete the process on 10,000 machines
//or you could disable all USB ports in the OS or in the hardware itself... or all but 2... or.. it's very flexible security wise is my point.
 
2011-10-14 09:14:08 AM
I still do not understand how "malware", even if on a portable mass storage device connected to the computer, could spontaneously self-install and entirely infect an operating system when running under a user account that is not a member of the Administrators group.

Users whom I support have occasionally been affected by "malware" downloaded from a compromised website. In all such cases, however, I have been able to clean the infected software from the user's profile. Because the user had no permission to write to any system files nor to any other location outside of their profile, no damage beyond their profile occurred.
 
2011-10-14 10:23:56 AM
Typically, it's "Autoplay" being enabled that does it. These pop up as soon as you plug them in "Do you want to open the folder to view files or play media or whatever it says". Disabling that, particularly on highest security and segmented systems is the most basic thing you should do. I am always shocked when organizations larger than 15 people don't, actually.

If that is the case here, that's just... Pathetic. But I can see it. Some desktop monkey probably said "We don't need to disable it, the users can only use cleared devices". Yeah, unless they don't, dummy. A large part of Info Sec is protecting users from themselves. Without knowing how the Mafia Wars thing behaves specifically, Password Stealers can reside in browsers and live in the App Data of the user profile, which the user has rights to modify. If this is a case where the users had full admin access to their local box, and again I've heard people who do it based on the idea that the vetting of the humans means you can give them admin rights, then... they deserve what they got.

This is just a major fail on a number of levels. I'm going to guess that they didn't also take the step of enforcing encryption on any of these external devices, even the cleared ones, so it's just as easy to get data off the systems as it apparently is to get stuff onto them.
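
An added example, not part of the original thread and not any commenter's own method: a read-only PowerShell audit for the two controls mentioned in the comments above, the registry setting that disables USB mass storage and AutoRun/AutoPlay for removable drives. It assumes the standard Windows values `Start` under the `USBSTOR` service key (4 means disabled) and `NoDriveTypeAutoRun` under the Explorer policies key (0xFF covers all drive types); the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Function names are hypothetical; registry paths are the standard Windows ones.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-RemovableMediaHardening {
    $usbstorPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $explorerPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    # Start = 3: driver loads on demand (storage usable). Start = 4: driver disabled.
    $start = Get-RegDword -Path $usbstorPath -Name 'Start'

    # Bitmask of drive types with AutoRun turned off; 0xFF means every drive type.
    $autorun = Get-RegDword -Path $explorerPath -Name 'NoDriveTypeAutoRun'

    $usbDisabled     = ($start -eq 4)
    $autorunDisabled = ($null -ne $autorun) -and (($autorun -band 0xFF) -eq 0xFF)

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        UsbStorStart             = $start      # $null means the value was not found
        UsbStorageDisabled       = $usbDisabled
        NoDriveTypeAutoRun       = $autorun    # $null means no machine-wide policy set
        AutoRunDisabledAllDrives = $autorunDisabled
        Compliant                = ($usbDisabled -and $autorunDisabled)
    }
}

Test-RemovableMediaHardening | Format-List
```

Disabling the `USBSTOR` driver leaves USB keyboards and mice working, since they use a different driver; it does not cover other removable media such as optical discs.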
 
2011-10-14 10:31:14 AM
According to a new article these were approved devices: "...malware was found on portable hard drives approved for transferring information between systems."

So someone plugged a cleared device into an unsecured machine.
 
2011-10-14 11:03:16 AM
Fish in a Barrel: According to a new article these were approved devices: "...malware was found on portable hard drives approved for transferring information between systems."

So someone plugged a cleared device into an unsecured machine.


Looks like it. I bet they have a policy that those devices are not to leave a secure space too. I wonder if there are secure and unsecure networks in the same room or if there is a 'red line' delineating the two?
 
2011-10-14 12:35:09 PM
shower_in_my_socks: "Mary Smith is bombing Al Qaeda's #2 and needs you to send her a Hellfire Missile gift."

This post did not get NEARLY enough love...
 
2011-10-14 01:27:15 PM
M-G: Why are they running the drone systems on Windows?

Because the government generally doesn't use linux because they can't purchase it.
 
2011-10-15 07:46:39 AM
The Slush: M-G: Why are they running the drone systems on Windows?

Because the government generally doesn't use linux because they can't purchase it.


I'm also thinking it'd be pretty annoying to control a drone through CLI.
/arm /dev/hellfire1
//You must be root to use arm.
///sudo arm /dev/hellfire1
////There is no entry for /dev/hellfire1 in fstab.
//*grumble*
 
2011-10-15 09:02:55 PM
Smokey the Bare: I still don't know why the DoD allows Facebook on their networks... It is a farking time waster.

/as long as they don't take away fark.com


Even that varies from installation to installation. I can't get on Facebook at work here. Fark is still okay though.

ongbok: I'm pretty sure they can disable the USB ports, but there are probably times that they need to use them so they don't. Where I work at the USB ports are disabled on all of the machines.

The USB ports where I'm at now are exclusively disabled by default. In order to get one activated, I have to call up the IT department and go through half an hour of all kinds of junk to get it enabled remotely. Heaven forbid I want to get the mouse AND keyboard set up in the same day. The policy is 1 USB device per computer per day. I called at 2315 to get one enabled, then at 0010 the next to get a computer up and running.

In order to get pictures (which are required from time to time), I'd have to call EVERY SINGLE TIME that I wanted to set up drivers for it as a read/write device. Instead, I just use a remote laptop and burn the pictures onto a CD.
 
Displayed 41 of 41 comments


This thread is closed to new comments.
