Sunday, April 15th, 2007
Via Bruce Schneier
This is just a frightening story. Basically, a contractor with a top secret security clearance was able to inject malicious code and sabotage computers used to track Navy submarines.
Yeah, it was annoying to find and fix the problem, but hang on. How is it possible for a single disgruntled idiot to damage a multi-billion-dollar weapons system? Why aren’t there any security systems in place to prevent this? I’ll bet anything that there was absolutely no control or review over who put what code in where. I’ll bet that if this guy had been just a little bit cleverer, he could have done a whole lot more damage without ever getting caught.
One of the ways to deal with the problem of trusted individuals is by making sure they’re trustworthy. The clearance process is supposed to handle that. But given the enormous damage that a single person can do here, it makes a lot of sense to add a second security mechanism: limiting the degree to which each individual must be trusted. A decent system of code reviews, or change auditing, would go a long way to reduce the risk of this sort of thing.
I’ll also bet you anything that Microsoft has more security around its critical code than the U.S. military does.
U.S. Government Contractor Injects Malicious Software into Critical Military Computers
This entry was posted on Sunday, April 15th, 2007 at 7:13 pm and is filed under Science & Technology News.