Thursday, November 12, 2009

Windows worm grounds French Air Force

According to Aviation Week the "conficker" worm got into French air force mission planning software. Rafale fighters were grounded because they were unable to download flight plans from infected databases. Once on the loose, the "conficker" worm got into French Navy networks, the Villacoublay air base, and the 8th Transmissions Regiment. French investigators think someone plugged an infected thumb drive into a machine on the network.
Additional grief happened in Britain where a virus infected Royal Navy and Royal Air Force computer networks, including aircraft carrier Ark Royal, and was emailing God knows what intelligence to a Russian internet server.
The Americans got theirs last year about this time, when a cyberworm got into Pentagon computers. The US thinks they were infected from a thumb drive, since they banned use of all such devices shortly afterwards.
Wow. James Bond would be proud. So would Kevin Mitnick.
Lesson to be learned. Any Windows computer on the Internet is totally vulnerable to hackers. They can take over the machine, run their own programs, and cover their tracks so well that no one will really notice. Even if you keep the Windows computers off the internet, the thumb drives can still infect them.
Bottom line, never use Windows computers for anything important. Linux is life.
And, never computerize anything that you don't need to computerize.
For instance, that French mission planning system isn't really necessary. In USAF we wrote out flight plans with pencil and paper and filed them over the telephone. Worked just fine. If the fancy software goes west, the French should have been able to go back to the good old manual way of doing things.
The thumb drive problem is harder. The things are so convenient, so small and easily concealed (about the size of a 50 cent piece) that just putting out an order not to use them ain't going to cut it. Just plugging an infected thumb drive into a Windows machine will infect it because of a Windows "feature". It's a feature not a bug. And you can believe as much of that as you like.
Back when CD-ROM drives were new, Microsoft arranged for CD-ROMs bearing software to "auto-run". Just inserting the CD in the drive was enough to start the install program on the CD running. Or a music CD playing. Cool. Trouble starts when the CD contains a virus instead of new software. Microsoft is so in love with this "feature" that they added it to the USB ports, and now thumb drives with viruses will infect whole networks.
I'm glad I'm not a security guy trying to keep my computers uninfected today. You gotta figure that sooner or later someone will stick an infected thumb drive into one of your computers. That infects the first computer. The infection then spreads itself over the network connection or thru any other thumb drive ever inserted in the infected machine. If the infected machine is networked, it will infect all the other machines on the network within a short time.
You really cannot remove the USB ports that thumb drives plug into because the computers need those ports for mice, keyboards, printers, cameras, et cetera, et cetera. You can disable the "autorun" feature in software, but it has a tendency to come back to life spontaneously. You'd have to inspect every computer every day to make sure it was still disabled. That could be automated I suppose, but it would be a major PITA.
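The daily inspection described above can be scripted. The following PowerShell is an added example, not from the original post: it assumes the standard `NoDriveTypeAutoRun` policy value (a drive-type bitmask where 0xFF disables AutoRun on every drive type), and the function name `Test-AutoRunPolicy` and the `-Fix` switch are hypothetical. Writing under HKLM requires an elevated session.

```powershell
# Added example: audit (and optionally re-apply) the AutoRun-disable policy.
# Exits 1 if any hive has drifted, so a scheduled task or monitoring agent can alert on it.
param([switch]$Fix)

$Required = 0xFF   # all drive-type bits set = AutoRun off for every drive type
$Subkey   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name     = 'NoDriveTypeAutoRun'

function Test-AutoRunPolicy {
    param([string]$Hive, [switch]$Fix)

    $path    = "${Hive}:\$Subkey"
    $current = $null
    if (Test-Path $path) {
        # Returns $null when the value is absent (the policy was never set or was removed)
        $current = (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    # Compliant only if every required bit is still set
    $ok    = ($null -ne $current) -and (($current -band $Required) -eq $Required)
    $state = if ($ok) { 'OK' } else { 'DRIFT' }
    $shown = if ($null -eq $current) { '(not set)' } else { '0x{0:X2}' -f $current }

    if (-not $ok -and $Fix) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name $Name -Value $Required -Type DWord
        $state = 'FIXED'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Hive     = $Hive
        Found    = $shown
        State    = $state
    }
}

# Check the machine-wide policy and the current user's policy
$results = foreach ($hive in 'HKLM', 'HKCU') { Test-AutoRunPolicy -Hive $hive -Fix:$Fix }
$results | Format-Table -AutoSize

if ($results.State -contains 'DRIFT') { exit 1 }
```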
