Vanguard Defense Industries suffers Anonymous hack attack

VanGuard's ShadowHawk helicopterAnonymous hackers working under the flag of AntiSec have targeted a US defense contractor, stealing and publishing thousands of emails and documents.

Vanguard Defense Industries (VDI) works closely with government agencies such as the Department of Homeland Security and FBI, developing the unmanned remote-controlled ShadowHawk helicopter which can be used for aerial surveillance and fly at up to 70mph, shooting grenades and shotgun rounds in combat situations.

Of course, real life battlefield technology like that is no protection against cybercriminals, who appear to have published emails and documents containing VDI meeting notes, contracts, schematics and other confidential information as part of the hackers' ongoing "F**k FBI Friday" campaign.

VanguardA statement from the hackers will remind readers of past hack attacks on Monsanto and Infragard, and makes clear that VDI's senior vice president Richard T. Garcia was being singled out for particular attention:

The emails belong to Senior Vice President of VDI Richard T. Garcia, who has previously worked as Assistant Director to the Los Angeles FBI office as well as the Global Security Manager for Shell Oil Corporation. This leak contains internal meeting notes and contracts, schematics, non-disclosure agreements, personal information about other VDI employees, and several dozen "counter-terrorism" documents classified as "law enforcement sensitive" and "for official use only".

Richard T. Garcia is also an executive board member of InfraGard, a sinister alliance of law enforcement, military, and private security contractors dedicated to protecting the infrastructure of the very systems we aim to destroy. It is our pleasure to make a mockery of InfraGard for the third time, once again dumping their internal meeting notes, membership rosters, and other private business matters.

AnonymousThe hackers seemed keen to underline that they weren't planning to cease their activities anytime soon:

We are doing this not only to cause embarrassment and disruption to Vanguard Defense Industries, but to send a strong message to the hacker community. White hat sellouts, law enforcement collaborators, and military contractors beware: we're coming for your mail spools, bash history files, and confidential documents.

Operation AntiSec is the name that has been given to a series of hacking attacks, born out of the activities of Anonymous and the burning embers (or should that be watery grave?) of LulzSec.

Past victims have included US government security contractor ManTech and DHS contractor Booz Allen Hamilton.

Once again, a defense contractor is learning a lesson the hard way about the importance of strong computer security.


VDI and the Microsoft VDA License

If you are working on or looking into VDI, you should ensure an appropriate level of attention is given to the licensing side of whichever solution you'll use. Along with the myriad of technical details to keep in mind, the licensing side of a VDI project is just as critical.

I am by no means an expert in Microsoft Licensing and you should ALWAYS consult with your preferred vendor to arrive at a warm fuzzy feeling when it comes to license compliance (is there such a thing with regards to licensing?). If you haven't guessed already this article is going to be Microsoft center, albeit you can have linux and other OS based virtual desktops.

To start off, VDI is the acronym for Virtual Desktop Infrastructure. In short this is the running of (usually multiple) virtual desktop operating systems on a physical system and accessing them remotely. There are troves of articles out on the net about the merits, challenges, and use cases for VDI.

The initial thought for licensing these virtual instances of a desktop OS is often simply to go buy a license for each one and be done. That is not the case when it comes to Microsoft Windows. Microsoft realized there is value in running their software this way and subsequently created new licensing for such use cases. This is where VDA comes into play.

Two methods exists, that I'm aware of, for properly licensing virtual instances of Windows desktops: VDA and SA. SA or Software Assurance comes into play for corporate systems that have their Desktop OS SA maintained. These systems can be used to access VDI instances. The other is the VDA license. The VDA license is a bit more flexible (and costly) than SA because it can apply to a non Microsoft client device as well as non-corporate devices (contractor, employee owned PC,etc). You can read lots more about Microsoft and Virtual Desktops on Microsoft's Website.

The big question that I've always had until recently around the VDA license is: is it just an "Access Right" license or does it also include the virtual desktop OS? In the Microsoft world "Access" licenses, or CALs as they are often called, are very common - so quite naturally I wondered if the annual subscription based VDA license was only a "CAL" or more so. So after receiving a not so clear response from my Microsoft vendor, I consulted Google for other's experiences. I ran across this VMware Community thread some time ago and subscribed to it with hopes a more definitive update would be posted. Just today a post came through from MoffattThomas, quoting a Microsoft representative stating(summarized): the VDA includes the OS key for the virtual desktop. So there you go - Virtual OS and access rights!