[ISN] Exclusive: Army Admits To Major Computer Security Flaw

http://www.buzzfeed.com/justinesharrock/exclusive-army-admits-to-major-computer-security-flaw By Justine Sharrock BuzzFeed Staff August 30, 2013 The United States Army’s Deputy of Cybersecurity Roy Lundgren has confirmed with BuzzFeed the existence of a major computer security flaw that enables unauthorized access to users without proper security clearance. They say the best fix is to make soldiers aware of proper conduct, instead of fixing the technology itself. Countless computers, and the soldiers who use them, remain vulnerable to a simple hack, which can be executed by someone with little or no security expertise. The hack allows users with access to shared Army computers to assume the identities of other personnel, gaining their securities clearances in the process, and having their activity logged as that user. In order to log into a shared Army computer you need to insert your personal Common Access Code military ID. Each card contains a chip that has the individual soldier’s permissions and security details, and which helps the military track your activity. Once you remove the card, you are fully logged out. But the hack overrides that system during the shut down period. “There are instances where the log-off process does not immediately complete upon removal of the CAC. This occurs when the system is running logoff scripts and shutting down applications,” Lundgren told BuzzFeed. “The period of time that a system can be accessed following CAC removal before system logoff completes is normally not sufficient to gain unauthorized access.” […]