back to article Indian navy computers stormed by malware-ridden USBs

The Indian navy has been left licking its wounds after suspected Chinese hackers managed to lift classified data from maximum security, non-internet connected PCs via malware hidden on USB drives. The Indian Eastern Naval Command – which is currently overseeing trials of the country’s first nuclear missile submarine, INS …

COMMENTS

This topic is closed for new posts.
  1. Stuart Castle Silver badge

    Why on earth do so called maximum security PCs have active USB ports?

    Even if they needed them (for the keyboard and mouse for instance), they could probably put some locking device, or even just glue the keyboard/mouse USB plugs in and use resin to seal the rest.

    1. VeganVegan
      Joke

      Simples

      re-wire the 5-volt USB slot so that it provides 15-volt (or maybe even household voltage?).

      That should take care of thumb drives, and dumb drivers.

  2. Scott Broukell
    Stop

    "Why on earth do so called maximum security PCs have active USB ports?" (Stuart Caslte - 08:52 BST)

    Whilst I agree wholeheartedly, perhaps because occasionally they require Maximum Security updates ?

    Meanwhile;

    U = U

    S = Sure

    B = Bout this ?!?!

  3. Antony Riley
    Coat

    Snoop onto them, as they snoop onto us

    See title.

    Mine's the one with the Hackers DVD in the inside pocket.

  4. Anonymous Coward
    Anonymous Coward

    Military's should be using proprietary computers with proprietary operating systems with proprietary file systems. No they use PCs to save a buck.

    1. SkippyBing

      I think the shear trauma of trying to educate new recruits into the mysterious of a proprietary operating system would put most militaries off. And ultimately it still has to be used by humans who will circumvent security measures if it makes their lives easier.

      Also the world's military forces are spectacularly inept at specifying any propriety system generally coming up with something that's more expensive and less capable than something you could buy off the shelves a decade previously.

      1. Anonymous Coward
        WTF?

        Eh?

        "I think the shear trauma of trying to educate new recruits into the mysterious of a proprietary operating system would put most militaries off."

        Wtf? If they can train new recruits to fly an aircraft or drive a tank or conduct survellance, I'm damn sure they can train them to use a slightly different GUI or a CLI.

        "Also the world's military forces are spectacularly inept at specifying any propriety system generally coming up with something that's more expensive and less capable than something you could buy off the shelves a decade previously."

        Except that in this case buying off the shelf puts your secrets at risk so perhaps they should try harder.

        1. Anonymous Coward
          Anonymous Coward

          Re: Eh?

          "mysterious of a proprietary operating system would put most militaries off."

          I don't suppose too many nuclear subs etc are running "Windows for Warmongers"

          1. SkippyBing

            Re: Eh?

            For general admin, e-mail etc. no, they're running XP.

            For operating the submarine they'll have a separate command and control system, which breaks most of the rules in the user interface book and is no use if you want to store or create documents.

          2. Alister

            Re: Eh?

            I don't suppose too many nuclear subs etc are running "Windows for Warmongers"

            No, they're running Windows for Warships.

            http://www.theregister.co.uk/2007/02/26/windows_boxes_at_sea/

            http://en.wikipedia.org/wiki/Submarine_Command_System

        2. SkippyBing

          Re: Eh?

          'Wtf? If they can train new recruits to fly an aircraft or drive a tank or conduct survellance, I'm damn sure they can train them to use a slightly different GUI or a CLI.'

          Those are the smart ones, some branches of the armed forces are manned with those uncomfortable with the level of technology available in an anvil. I have on occasion had to explain such simple concepts as 'you don't need to watch the phone in case it rings, you'll hear it'.

          For an example of a military specced IT system look at JPA the UK's tri-service administration software. A pig of a system that takes user unfriendliness to a new level while failing in its main job of allowing personnel to manage their own pay and allowances.

          A proprietary system is just security by obscurity, it doesn't solve the problem of people taking the easy option like making a print out and losing that, but it does risk the entire defence budget being absorbed coming up with something that's the equivalent of MS-DOS, and not one of the good versions.

          1. Anonymous Coward
            Anonymous Coward

            Re: Eh?

            "Those are the smart ones, some branches of the armed forces are manned with those uncomfortable with the level of technology available in an anvil."

            I'm sure thats the case , but you wouldn't let those sorts of people near critical systems in the first place. They're the ones cleaning the boots and the bogs.

            "A proprietary system is just security by obscurity,"

            if thats the only option you've got then its better than nothing. Its certainly better than using a consumer OS which is quite happy to run any old shit it finds on a USB stick as soon as its plugged in!

            1. Charles 9

              Re: Eh?

              "I'm sure thats the case , but you wouldn't let those sorts of people near critical systems in the first place. They're the ones cleaning the boots and the bogs."

              But what if that's all you got? So it's either put these people to work or you got to explain to John Q. Taxpayer why you're sitting on a billion-dollar paperweight (IOW, sink or swim). And rolls on the slide as college grads head for the private sector and drafts are political suicide.

              "if thats the only option you've got then its better than nothing. Its certainly better than using a consumer OS which is quite happy to run any old shit it finds on a USB stick as soon as its plugged in!"

              That's the thing. That option isn't really an option. One leak and you're done: a task easily accomplished with a competent spy or other insider. Then you're back where we are now, only worse off because proprietary systems are harder to rejig: being by definition custom jobs. And we know what happens with old custom-designed software: it becomes both obsolete and so expensive to replace that the budget basically forces you to put up with it.

  5. Anonymous Coward
    Anonymous Coward

    The "how hard can it be?" principle"

    They probably worked on the "how hard can it be" principle to link up a few PC's and servers and stick a sign over the door saying “Secure - Do Not Enter!" This approach being used in order to save a few bob of in-house or 3rd party consultancy staff.... After all, the Indian Civil Service and Military share a heritage with their fellow British Equivalents.....

  6. Anonymous Coward
    FAIL

    *Ring Ring*

    Good mornings to you sir, I am beings Dave from "Windows"

    Our records be showing that your computer is being having a virus.

    Please be ringing our premium rate number to be receiving of the fixes.

  7. ThePhantom

    SPYRUS makes drives that can help prevent this

    On the Hydra Privacy Card, every file is encrypted under its own key. Even if you unlock the drive to get to your files, the files are still encrypted until you explicitly decrypt them. Since you can set a policy on the drive that will only allow encrypted data to be stored, it it impossible for malware to run - since it cannot be put there in the first place.

  8. bexley

    bit locker

    .that is all

    1. Mark 65

      Re: bit locker

      How's that work if the user of the system inserted the USB device? As the user they'd have unlocked the data drive for use in which case the files are visible, in which case they can be copied. Active USB ports and AutoRun are the bigger issues here.

  9. Anonymous Coward
    Happy

    consumer kit == consumer problems

    Welcome to IT india, maybe you should outsource your IT needs to the UK and then you won't have so many problems :0.

  10. Baudwalk
    Pirate

    B.Y.O.D.

    In the Navy, yes, you can bring your own device.

    In the Navy, yes, you can snoop our files with ease.

  11. Anonymous Coward
    Anonymous Coward

    Won't last for ever.

    They're stealing everything from everyone at the moment.

    It won't be a few years before a German judge announces that the BMW M76849384933994994 has no resemblance to the SsangYonh M76849384933994994 and so BMW has no case to answer.

    At the moment they're only doing it because China's miles behind. When they catch up, then they'll come on board with law.

  12. Alan Brown Silver badge
    FAIL

    Sooo....

    Indian military personnel are plugging random usb sticks into military computers?

    Mega fail on so many levels (And I doubt it's just a problem in india)

  13. James Gosling
    Thumb Up

    Outsourcing

    The Indian Army are simply out-sourcing their data to China. From now on they will send their data via hotmail or drop-box and get paid via paypal. What's the worst that can happen?

  14. mhenriday
    Big Brother

    The Indian Express story to which a link is provided states that

    «The Navy — and the other armed forces — stores sensitive data only in standalone computers that are not connected to the Internet. These computers are not supposed to have ports or access points for pen drives or external storage devices. » Did they or did they not have USB ports ? It should be rather easy - even for a naval officer in charge of security - to ascertain with a simple ocular inspection whether a computer has USB ports. Is it possible that this story is made from the whole cloth and published in the Indian press in order to achieve the twin objectives of fanning anti-Chinese feeling in the country and obtaining larger appropriations for military security, while at the same time bashing the current Indian government ?...

    Henri

This topic is closed for new posts.

Other stories you might like