Late last week, the U.S. Space Command, which provides security for military computers, instructed all military organizations to block public access after a number of sites had contracted the virus, called the "Code Red" bug, according to an official.
The virus is known as a "denial of service" bug, because it replicates itself by reading the log files on a network server and sending copies to other servers — thereby multiplying and sometimes crashing a system — and denying access to legitimate users of the site.
One version of the virus, experts say, emblazons on sites it attacks the message: "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"
DoD Sites Struck
The virus exploits a security flaw in certain Microsoft network servers. The flaw was announced last month when a patch was released to fix it.
"To protect our DoD [Department of Defense] Web sites from being compromised, DoD organizations have been told to review the status of the Internet information servers … to make sure that all the patches that were previously installed had been installed," says command spokesman Army Maj. Barry Venable.
Only a handful of the major Defense Department sites, with the suffix ".mil," appear currently accessible to the public, including the central public affairs site DefenseLink and the military services' main homepages. Public access is blocked to information connected to those sites, and others such as the National Missile Defense site and the U.S. Air Forces in Europe site. Authorized Department of Defense personnel continue to have access to the sites, Venable said.
"My gut hunch is that this is the single largest security incident ever, in terms of number of servers, and number of pages effected, and duration," says John Pike, who heads the GlobalSecurity.org military resource site. Pike says he first noticed blocked access to the sites Thursday morning.
Defense organizations worldwide are currently checking their 2.5 million computers linked to 2,000 networks to ensure that they have the applicable software patches to prevent infiltration by the virus, according to Venable.
"The Code Red worm did in fact show up in some DoD Web sites and we're working to contain that," Venable said. "Ways we're going about that is blocking public access to the Web sites, because that's the way this worm works, to prevent it from using our networks to propagate itself."
At Least 225,000 Computer Systems Believed Infected
In recent weeks, variations of the virus are believed to have infected at least 225,000 business and institutional computer systems. Last Thursday, infected computers were instructed to flood the White House Web site, but with minutes to spare the White House was able to protect itself.
Venable could not say when public access to the sites would resume."Until the worm no longer poses a threat to DoD Web sites, our networks will not be accessible to the public," he said.
The effectiveness of the Code Red virus in exploiting network weaknesses has been known by the military since June, according to Venable.
The fact the military did not have the patch fully installed, and then its decision to block public access to all of its networks, was received uncharitably from a critic of the Pentagon's cybersecurity policies.
"DoD turned tail in cyberspace and disconnected from the Internet," says computer security critic George Smith. "Did Google go offline? Did America Online go offline? Did all the porn sites go offline?"
|
Good
Morning America
World
News Tonight
PRINT THIS PAGE
