DoD responds to elderly worm by yanking removable media
The Department of Defense has allegedly responded to an infection by a variant of the elderly W32.Silly worm by banning the use of removable media -- thumb drives, flash memory cards for cameras, and all.
SillyFDC, to give it perhaps more attention than it's worth, installs itself in the Windows registry and watches for removable storage to infect, copying itself to "Lcass.exe" and dropping a file called "autorun.inf" on the removable drive. The version affecting Armed Forces machines, however, is rumored to be a variant of Agent-EMB, which also installs itself in the registry but has no particular interest in removable drives -- a hint that SillyFDC might merely be the delivery device, not the true problem.
But SillyFDC's not really the problem in any case -- just the pebble that sets off a long-overdue avalanche.
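A defender-side check for the drive artifacts SillyFDC is described as leaving, as an added example rather than code from the article or any vendor: it parses an `autorun.inf` at a drive root and lists the entries that would launch a program. The `autorun.inf` contents, and the link between that file and `Lcass.exe`, are constructed for illustration; the article does not give them.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, value))
    return hits

def target_of(command):
    """Program named by a launch command, without quotes or arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def audit_drive_root(root):
    """List launch entries in <root>/autorun.inf and whether the target sits in the root."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        entries = parse_autorun(fh.read())
    return [{"key": k, "target": target_of(c),
             "in_root": target_of(c).lstrip("\\/").lower() in names}
            for k, c in entries]

def make_sample_drive(root):
    """Constructed stand-in for an infected drive root (file contents are invented)."""
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("; constructed sample\n[AutoRun]\nopen=Lcass.exe\nicon=folder.ico\n"
                 "shell\\open\\command=\"Lcass.exe\" /q\n")
    with open(os.path.join(root, "Lcass.exe"), "wb") as fh:
        fh.write(b"placeholder, not a real executable")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        make_sample_drive(drive)
        for finding in audit_drive_root(drive):
            print(finding)
```

The `in_root` flag only looks at files directly in the drive root; a launch entry that points into a subfolder is still reported, with `in_root` set to false.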
A memo dated November 15 from Strategic Command (USSTRATCOM) directs all hands that "effective immediately, the use of memory sticks, thumb drives and camera flash memory cards is suspended in DoD NIPRNet systems." (NIPRNet is the network used for sensitive-but-unclassified communications, and as a gateway to the larger public Internet; it superseded MILNET back in the '90s.) According to information first received by Wired, the ban also applies to SIPRNet (Secret Internet Protocol Router Network), the network handling classified materials.
The memo notes that over time, Defense hasn't been able to keep up with the attack surface provided by removable media, and that "only through a layered defense of training, technology, procedures and personal recognizance can we regain the high ground."
Not currently on the high ground? And how. W32.Silly may be a relatively harmless little pest -- it's mainly designed to replicate itself, even if it can be (and maybe has been) reworked to carry payloads. But reports of rampant removable-media disappearances have been enough to send chills down the spine, especially when -- as is the case in the bazaars just outside the US military base and airfield in Bagram, Afghanistan -- it just keeps happening, after years of containment effort.
The memo acknowledges that the new directive is going to be a piece of misery for those affected, saying, "Adhering to this policy and enforcement of these standards will be challenging. However, the cost of ignoring is even greater and will continue to put our networks and warfighters at risk."
Many field operations use thumb drives and the like, since conditions in difficult areas provide minimal access to networks -- and since computers can be stolen too.
Since such drives are crucial in those circumstances, it's believed that the DoD is working out the details of a plan to scan, certify, and upgrade protections on a limited number of removable devices. GI Joe, however, will not be getting his nerd stick -- and, maybe, the right to update his iPod -- back for the foreseeable future.