Information Warfare: It Came In Through That Memory Stick


November 26,2008: The U.S. military is a having more problems keeping hackers out of its private Internet, and is responding by outlawing memory sticks (thumb drives, flash memory devices, whatever, that plug into USB ports).

The Department of Defense has a top secret network (SIPRNET, that operates just like the Internet) that is available only to people in the army. The latest problem is hacker programs ("worms") that automatically copy themselves to rewritable CDs and DVDs as well as memory sticks. Then, the next time CD/DVD/memory stick is read by another program, the "worm" program copies itself onto that computer, and tries to secretly take over, and enable hackers to gain access and steal stuff. This stuff is so scary that the military has told troops to not use memory sticks on military computers. This has caused problems in the combat zone, where there is not a lot of bandwidth (Internet capacity) for moving information around. Troops prefer to keep a lot of stuff on memory sticks.

The Pentagon has had increasing security problems with its internal Internet networks. The Department of Defense has two private Internets (using Internet technology, but not connected to the public Internet). NIPRNET is unclassified, but not accessible to the public Internet. SIPRNET is classified, and all traffic is encrypted. You can send top secret stuff via SIPRNET. However, some computers connected to SIPRNET have been infected with computer viruses. The Pentagon was alarmed at first, because the computers only used SIPRNET. As a result, they did not have any anti-virus software installed. It turned out that worm type hackware was the cause of infection, and was installed when someone used a memory stick or CD, containing the worm, to work and, well, you know the rest.

Before the Internet came along, this was a common method for viruses and other malware to get around (slowly, but the stuff did travel that way.) NIPRNET is also vulnerable. Even though the Department of Defense installed new hardware (special routers, for example) and software to increase security, the worms were still getting in. And with that, there was the risk of a worm being designed to seek out and collect secret information, and keep copying itself to new media until it found itself on a PC with an Internet connection. At that point, the secrets could be transmitted to the hackers who had unleashed the worm.

The military is a big user of the public Internet, and they have discovered that most of the intrusions (hacks and viruses) are the result of poor configuration (not keeping the hardware and software set up correctly to defeat known vulnerabilities), or not installing patches and security update in time. The rest of the intrusions come from more mundane problems, like using an easily cracked password, or no password at all. Network security has always been a people problem, and these recent incidents are a sharp reminder of that.

It's easy for troops to be doing something on SIPRNET, then switch to the Internet, and forget that they are now on an unsecure network. Warnings about that sort of thing have not cured the problem. The Internet is too useful for the troops, especially for discussing technical and tactical matters with other soldiers. The army has tried to control the problem by monitoring military accounts (those ending in .mil), but the troops quickly got hip to that, and opened another account from Yahoo or Google, for their more casual web surfing, and for discussions with other troops. The Internet has been a major benefit for combat soldiers, enabling them to share first hand information quickly, and accurately. That's why the troops were warned that the enemy is actively searching for anything G.I.s post, and this stuff has been found at terrorist web sites, and on captured enemy laptops. In reality, information spreads among terrorists much more slowly than among American troops. But if soldiers discuss tactics and techniques in an open venue, including posting pictures and videos, the enemy will eventually find and download it. The terrorists could speed up this process if they could get the right hackware inside American military computers.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close