November 26, 2008:
The U.S. military is having more problems keeping hackers out of its
private Internet, and is responding by outlawing memory sticks (thumb drives,
flash memory devices, whatever, that plug into USB ports).

The Department of Defense has a top secret network (SIPRNET, which operates just
like the Internet) that is available only to people in the army. The latest
problem is hacker programs ("worms") that automatically copy themselves to
rewritable CDs and DVDs as well as memory sticks. Then, the next time the CD,
DVD or memory stick is read
by another program, the "worm" program copies itself onto that
computer, and tries to secretly take over, and enable hackers to gain access
and steal stuff. This stuff is so scary that the military has told troops to
not use memory sticks on military computers. This has caused problems in the
combat zone, where there is not a lot of bandwidth (Internet capacity) for
moving information around. Troops prefer to keep a lot of stuff on memory
sticks.

The Pentagon has had increasing security problems with its internal Internet
networks. The
Department of Defense has two private Internets (using Internet technology, but
not connected to the public Internet). NIPRNET is unclassified, but not
accessible to the public Internet. SIPRNET is classified, and all traffic is
encrypted. You can send top secret stuff via SIPRNET. However, some computers
connected to SIPRNET have been infected with computer viruses. The Pentagon was
alarmed at first, because the computers only used SIPRNET. As a result, they
did not have any anti-virus software installed. It turned out that worm-type
hackware was the cause of infection, and was installed when someone used a memory
stick or CD, containing the worm, to work and, well, you know the rest.

Before the Internet came along, this was a common method for viruses and other
malware to get around (slowly, but the stuff did travel that way). NIPRNET is also
vulnerable. Even though the Department of Defense installed new hardware
(special routers, for example) and software to increase security, the worms
were still getting in. And with that, there was the risk of a worm being
designed to seek out and collect secret information, and keep copying itself to
new media until it found itself on a PC with an Internet connection. At that
point, the secrets could be transmitted to the hackers who had unleashed the
worm.

The military is a big user of the public Internet, and they have discovered
that most of the intrusions (hacks and viruses) are the result of poor
configuration (not keeping the hardware and software set up correctly to defeat
known vulnerabilities), or not installing patches and security updates in time. The
rest of the intrusions come from more mundane problems, like using an easily
cracked password, or no password at all. Network security has always been a
people problem, and these recent incidents are a sharp reminder of that.

It's easy for troops to be doing something on SIPRNET, then switch to the
Internet, and
forget that they are now on an unsecure network. Warnings about that sort of
thing have not cured the problem. The Internet is too useful for the troops,
especially for discussing technical and tactical matters with other soldiers.
The army has tried to control the problem by monitoring military accounts
(those ending in .mil), but the troops quickly got hip to that, and opened another
account from Yahoo or Google, for their more casual web surfing, and for
discussions with other troops. The Internet has been a major benefit for combat
soldiers, enabling them to share firsthand information quickly and
accurately. That's why the troops were warned that the enemy is actively
searching for anything G.I.s post, and this stuff has been found at terrorist
web sites, and on captured enemy laptops. In reality, information spreads among
terrorists much more slowly than among American troops. But if soldiers discuss
tactics and techniques in an open venue, including posting pictures and videos,
the enemy will eventually find and download it. The terrorists could speed up
this process if they could get the right hackware inside American military
computers.