Eligible Receiver: NSA’s successful 1997 hack of the U.S. military (slate.com)
131 points by secfirstmd on March 7, 2016 | hide | past | favorite | 24 comments


This was my favorite part, and a good lesson for every startup. Skip over all the overrated recent Stanford grads and Box alumni, THIS is the guy you want to hire:

"Only one person in the entire Department of Defense, a technical officer in a Marine unit in the Pacific, responded to the attack in an effective manner: seeing that something odd was happening with the computer server, he pulled it offline at his own initiative."


If you ask me the best response was the officer who told his commander he "didn't trust his command and control".

In my mind this indicates someone who is aware of the issue, and is already taking action to work around the problem - which in the military mind was not that some computers were hacked, it was that C3 mechanisms couldn't be counted on.

Fortunately the military trains officers to deal with decision-making in ambiguous situations and creating workarounds when taking battle damage. I'll be willing to bet the next sentence in that message was a suggestion for how he would proceed.


> If you ask me the best response was the officer who told his commander he "didn't trust his command and control".

It was unclear to me whether or not that message was relayed faithfully to his commander, or whether it was intercepted by the red team.


It was definitely intercepted; that's why they were laughing about it.


Sorry, whether it was intercepted & no longer relayed faithfully, versus intercepted passively.


That part made me laugh. Thankfully their supervisor probably didn't have some obsession with uptime or that would have been tough to explain.


Aren't there some viruses which do more damage on reboot?

And removing power could remove forensic information, if the virus was loaded exclusively in RAM.

I think air-gapping would have been a wise move, but I would have kept the server powered and running until a post-mortem could be performed.


There's nothing suggesting he actually shut the server down.


I generally disagree but it depends on the server. That technical officer made the attacker's DoS attack a success. Imagine if everyone responded that way to questionable activity.


It's a risk mitigation. Questionable communications which cause changes in troop deployments may be worse than a total blackout and subsequent stasis.


Absolutely, and bravo to the officer. If you are ever unsure, pull the plug. The safest computer is one turned off.


I'm not sure that was implied. He could have used ifconfig.

Now that you mention it, though, I thought of an apparently notorious scene from NCIS: https://www.youtube.com/watch?v=Yc-FuE41kZU


You think your computer might be compromised but you still trust your binaries and OS to operate as intended?


No.


So probably not ifconfig...
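The two threads above (keep the box powered so RAM-resident evidence survives, but don't trust the compromised host's own binaries) can be reconciled in a containment script. The following is an added example, not anything from the article or the thread: it snapshots volatile state by reading /proc directly instead of calling a possibly tampered `ps`, hashes the tools it did use so the collection is auditable, and then cuts the network with iproute2's `ip` rather than powering off. It assumes a Linux host with /proc, coreutils and `ip`/`iptables`; the function names, the `DRY_RUN`, `EVIDENCE_DIR` and `IR_RUN` variables and the output layout are this example's own.

```shell
#!/bin/sh
# Added example: isolate a suspected-compromised Linux host without a power
# cycle, capturing memory-resident state first. Names below are assumed.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print privileged changes instead of running them

# Execute a privileged change, or only echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "DRY-RUN: $*"
    else
        "$@"
    fi
}

# Step 1: volatile evidence. All of this lives only in memory and is gone
# after a reboot; the only write is to the evidence directory given as $1
# (ideally removable media, never a network share that isolation will sever).
# Returns the number of artefact files written.
snapshot_volatile() {
    ir_dir="$1"
    mkdir -p "$ir_dir"
    { date -u; uname -a; id; } > "$ir_dir/system.txt" 2>/dev/null || true
    # Process table straight from /proc: no dependence on a ps binary that
    # an intruder may have replaced.
    for p in /proc/[0-9]*; do
        printf '%s\t%s\n' "${p#/proc/}" "$(tr '\0' ' ' < "$p/cmdline" 2>/dev/null)"
    done > "$ir_dir/processes.txt" 2>/dev/null || true
    # Live connection table: captured before the link goes down, because it
    # is the record of any command-and-control session that was open.
    cat /proc/net/tcp /proc/net/tcp6 /proc/net/udp > "$ir_dir/sockets.txt" 2>/dev/null || true
    cat /proc/mounts > "$ir_dir/mounts.txt" 2>/dev/null || true
    # Hash the handful of host binaries this script relied on, so a later
    # review can tell whether the collection itself ran on trusted tools.
    for t in sh cat tr date uname id; do
        command -v "$t" 2>/dev/null
    done | xargs sha256sum > "$ir_dir/tool-hashes.txt" 2>/dev/null || true
    ls "$ir_dir" | wc -l | tr -d ' '
}

# Step 2: network isolation. Taking the link down and defaulting the firewall
# to DROP cuts the attacker's channel while leaving RAM, processes and the
# running kernel intact for a post-mortem.
isolate_host() {
    iface="$1"
    run ip link set dev "$iface" down
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP
}

# Snapshot first (seconds of work), then isolate.
respond() {
    evidence="${EVIDENCE_DIR:-/var/tmp/ir-$(date -u +%Y%m%dT%H%M%SZ)}"
    n=$(snapshot_volatile "$evidence")
    echo "captured $n volatile artefacts in $evidence"
    isolate_host "${1:-eth0}"
}

# Usage: EVIDENCE_DIR=/mnt/usb/ir DRY_RUN=0 IR_RUN=1 sh isolate.sh eth0
if [ "${IR_RUN:-0}" = 1 ]; then
    respond "$@"
fi
```

Run it from read-only media with its own statically linked tools where possible; the tool hashes are a fallback for when that is not available, not a substitute. With `DRY_RUN=1` (the default) nothing privileged happens, which is the mode to rehearse the procedure in before an incident.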


I'm not sure the ones in the 99 US nuclear reactors can just be pulled without incident.


He probably got reprimanded for interrupting some general's solitaire game.


The most telling part, for me, is here:

> Everyone in the room was stunned, not least John Hamre, who had been sworn in as deputy secretary of defense at the end of July. Before then, Hamre had been the Pentagon’s comptroller, where he’d gone on a warpath to slash the military budget, especially the part secretly earmarked for the NSA. Through the 1980s, as a staffer for the Congressional Budget Office and the Senate Armed Services Committee, Hamre had grown to distrust the NSA: It was a dodgy outfit, way too covert, floating in the gray area between “military” and “intelligence” and evading the strictures on both. Hamre didn’t know anything about information warfare, and he didn’t care.

I say, bravo to the NSA for uncovering the vulnerability. But, the cynic in me wonders how long anyone over there had suspected this, but never acted on it until faced with the threat of having its feed pulled from the trough. My prejudices lead me to think of government as tending towards the dysfunctional. So, I worry if the same sort of thing isn't going on right now.


This is the problem. The pendulum swings too far one way and then eventually swings too far back the other way; this is a classic example.

We started with little or no security and the NSA barely had a budget for information warfare - now many people think they have an unlimited budget to do this and some of the stuff they're doing has been demonstrated to be pretty sketchy.

At some point, more oversight will rein them in a little, until something else happens to push the pendulum further back in the direction it just came.


That's surely a part of the US government that is in dire need of more checks and balances.

Another even more telling thing revealed in this article: the very end, where they realize that /no one/ is 'in charge' of fixing this. (Arguably because they ALL are. This is all what should be general OpSec training!)


Profiles in "leadership"...


The unmentioned background to Eligible Receiver is that the previous summer, the National Security Studies Quarterly published a paper by Eric Sterner entitled Digital Pearl Harbor: National Security in the Information Age.


Curious thing to me is at what point do you switch from saying this was a test to this is the real thing; meaning that you task the NSA to hack someone, then blame it on for example North Korea, China, etc.


It's possible we've already seen this with the Sony hack. Even if the loudest adherents to this theory have been somewhat discredited this year, nothing produced by Mr. Fart et al. contradicts it in convincing fashion.



