Ransomware takedown of DTS went unnoticed for years
Approved expense reports would have raised more suspicions.
By W.E. Linde
WASHINGTON — A newly-released report from the Pentagon has found that the Defense Travel System, the automated travel scheduling and payment system used by military personnel for over 15 years, was taken down approximately 5 years ago by a ransomware attack from foreign cybercriminal hackers. As of the release of the report, hardly anyone had noticed.
“Most of us just figured we weren’t getting paid because the system is notoriously buggy,” said Master Sgt. Ken Gates, an Air Force instructor who travels frequently. “But now they’re saying it’s because an Eastern European hacker group seized critical data and wants to be paid by the government before they release it? Yeah, well, stand in line, dudes.”
The review of DTS was part of a series of Pentagon-wide audits which started in 2017. Of the three audits so far, the Pentagon has not passed a single one.
“So we figured, well, that’s life!” said Col. Thomas Mallory, of the Defense Finance Accounting Service. “DTS is a mess, just like the rest of our finances. C’est la vie!”
This sentiment was shared all through the ranks.
“I had the hardest time scheduling my flight and lodging for TDY about six months ago,” said Maj. Jennifer McClain, an Army intelligence officer. “About a week after I submitted my voucher, I got a message saying that I will never see a penny until the U.S. quits supporting Israel. I thought it was just being honest that my approving officials would never do their jobs. It was kind of refreshing.”
Capt. Daniel Tayler accompanied Maj. McClain on that TDY. “I had uploaded receipts for my hotel and flight,” Tayler said. “Two weeks later, I was informed by DTS to ‘reload those receipts, you bitch. You still won’t get money.’ I was impressed that the system wasn’t pretending to want to help me anymore.”
A review of the messages issued by the foreign cybercriminals responsible shows that, at first, they grew increasingly frustrated with not being noticed.
“Your hotel and rentals are now canceled,” read one message. “You can blame your homicidal government for meddling in the Middle East for this! Are you even listening?” But within the last few months, that anger changed to frustration, and then concern.
“How do you live like this?” the hackers recently asked Air Force Staff Sgt. Daniel Kane, after payment for his TDY to NCO academy was delayed for a third time. “We can maybe float you a loan, if you need it.”
Once the ransomware takedown was detected, Pentagon finance teams sprang into action.
“We submitted an authorization request for a TDY to Congress so we could ask for money to fix it,” said Col. Mallory. After a few moments of refreshing his screen, he sighed. “It’s not approved yet.”
W.E. Linde (aka Major Crunch) writes a lot. Former military intelligence officer, amateur historian, blogger/writer at DamperThree.com. Strives to be a satirist, but probably just sarcastic. Twitter @welinde. As for Class contributed to this report.