Military Threatens To Court Martial Anyone Using USB Drives Or Other Removable Media
from the overreacting... dept
Apparently, one strategy the military is taking in a weak attempt to prevent a future State Department cable leaks, like the one currently going on, is to ban all forms of removable media and to threaten to court martial anyone caught using USB keys or CD-Rs on machines connected to SIPRNET. Apparently this is kind of frustrating for many in the military:One military source, who works on these networks, says it will make the job harder; classified computers are often disconnected from the network, or are in low-bandwidth areas. A DVD or a thumb drive is often the easiest way to get information from one machine to the next. "They were asking us to build homes before," the source says. "Now they’re taking away our hammers."The thing is, just like TSA patdowns, this is targeting the last leak, rather than the next leak. If someone wants to leak the content, they'll figure out a way to do so, even if they can't stick a USB key into a computer.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: court martial, military, removable media, wikileaks
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Great idea
[ link to this | view in thread ]
Let me count the ways
They'll have to ban most anything that plugs into USB, RS232, or printer ports, laptops, wireless, infra-red, keyboards, and I suppose screens as a start. Softwares to set the MAC, OS fingerprint, and IP are common. The tools they need to do deep packet inspection in their firewalls are the same tools needed to redirect or copy those packets. There are trojans that copy themselves to GPUs and to network cards and can do the dirty work without the CPU or OS, and similar virii are expected for some wireless cards too.
Good luck.
[ link to this | view in thread ]
Thereby doing precisely what Assange wants them to do
Anyone who has read what Assange has written about his goals for Wikileaks knows that this is precisely one of the outcomes that he was trying to produce: the disruption of internal communications and thus organizational function.
Assange 1, military 0.
[ link to this | view in thread ]
Maybe they need to put one of them TSA groping stations at the entrance to every facility connected to SIPRNET.
I mean ... afterall it's for YOUR security ... right ?
[ link to this | view in thread ]
Smartphones
[ link to this | view in thread ]
If they want real security
anything else is just bullshit to the reality of computing in a comedic fashion.
[ link to this | view in thread ]
Simple solution
[ link to this | view in thread ]
The ones they use at Los Alamos don't. My friend works on Govt. projects for Lucent A. and his secure computer doesn't.
I would imagine that since the computers connected to SIPRNet are considered lower threat, they do.
[ link to this | view in thread ]
This isn't an unreasonable policy.
[ link to this | view in thread ]
Wrong department...
[ link to this | view in thread ]
There's a group policy setting for that
[ link to this | view in thread ]
Re: Let me count the ways
The problem isn't the policy. It's that people are actively resisting it, and that IS related to policy.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Sometimes you have to have removable media though. Not every computer is hooked to the network and various agencies don't necessarily have common access to the same networks. (say your in the Navy and your working with the FBI...it might not make sense to connect the FBI to the Navy's network)
Size limits also can make it so removable media is the best way to move data.
[ link to this | view in thread ]
[ link to this | view in thread ]
It's turning into one big prison & the innocent are now treated as common criminals (this case employees) w/patdowns & bodyscans. Where is the outrage any more?
Need to read a new book just out about Americans who actually take a stand against tyranny (based in part on real people & events). It’s a thriller so I recommend it.
www.booksbyoliver.com
Besides, the military will spend billions to correct this problem. There are just too many military installations & other federal agencies that are cc: on their cables that can remove the classified telegrams/documents. Good article. Thanks.
[ link to this | view in thread ]
My mother worked at a defense agency where her computer had no output devices, and had to lock her removal hardrive in a vault every night. She was planning surprise inspections of foreign WMD facilities and the need for secrecy was extreme. The fact that there were any connections outside a computer besides a ethernet port is ridiculous even if it is inconvenient to actual military.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Are any of these "secure" servers on a network?
Are any of the other machines on the same network capable of having a usb drive mounted? If so anyone with basic knowledge could get data off of your servers and pull it down to the other computer and then put it on a usb drive.
[ link to this | view in thread ]
Let's suppose SIPRNET is secure (just for the sake of argument)
What about all the computers in the hands of their diplomatic staff, where "they" equates to "people our staff send and receive cables from"?
What about the networks in those locations -- our and theirs? Wired and wireless?
And so on.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Smartphones
I could be sitting at one of the computers dumping gigs of data to the phone sitting in my pocket with no visible indication.
[ link to this | view in thread ]
Bluetooth
[ link to this | view in thread ]
Too bad I had to cancel my PayPal and Amazon accounts out of principle, but that's ok - there's more than one place on the web that does those services!
[ link to this | view in thread ]
This is old news
Removable storage has always been a concern since the days of the floppy disk (yes the 5 1/4" kind!) and folks have gotten into trouble for using the same removable storage devices on both a secure and a non-secure machine. Quite often these machines were sitting right next to each other.
There are really very few reasons to use removable storage devices to move data from the non-secure machine to the secure one. Most of the problems with which I am familiar occurred when people mixed up which removable device was for the secure side and which was for the non-secure side.
The headline of Mike's post should probably be edited a bit. I didn't see any threats when I read the source article. Service members are routinely "reminded" of what will happen if classified information escapes. Call it a threat if you wish, but it's actually just business as usual.
[ link to this | view in thread ]
Why Did They Allow It In The First Place
I know of multiple companies that don't allow anything to be plugged into the USB ports. Some even disable the USB ports completely, and yes they use only PS/2 keyboards and mice. And these companies don't deal with classified data.
[ link to this | view in thread ]
Now the US military is being castigated for imposing one (of surely several) control to keep classified information under warps.
Clearly, there appears to be nothing that the US military can do to satisfy the security experts here.
[ link to this | view in thread ]
Let me count the ways:
1. IrDA - infrared wireless
2. Bluetooth
3. WiFi
4. Print out as dense 2D barcode on paper to be scanned off-site.
Closing the barn door after the cows get out is never a satisfactory solution for leaving the door open in the first place. "Those who do not learn from history are doomed to repeat it."
[ link to this | view in thread ]
Is This Really a New Policy?
[ link to this | view in thread ]
Secure it with Windows Group Policies
This is a standard built in function.
Yes, Windows is VERY secure.
[ link to this | view in thread ]
Re:
Actually, there are some thing they could do which would be quite effective -- but they will never do them.
First on my list would be "figure out how to operate effectively while handling 1% of the secrets you currently handle". But I'm sure they'd dismiss the concept immediately -- it would require that they actually (gasp!) THINK and that's really quite too much to ask.
[ link to this | view in thread ]
[ link to this | view in thread ]
military bans disks, cds, etc
you need to think more seriously here as this time your snark is wildly off base. it's hardly a case of the brass fighting the last war. no doubt, they have to think long & hard about how to secure data. but this is hardly overreacting. it's actually a (dull) sensible policy.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
Not really. That's just the old "security is inconvenient" excuse. And if you really, really have to have a USB port for something that just can't be otherwise hardwired, in Windows and most other OS's it can be restricted to only certain devices.
Sometimes you have to have removable media though.
Very rarely. And in those rare cases, it can be limited to specific secure devices. Not just every flash drive and disk somebody shoves in it.
You really don't know what you're talking about.
[ link to this | view in thread ]
Re: Why Did They Allow It In The First Place
Back when I was involved with such things, we *didn't* allow it. Period.
However, incompetent military commanders have since overridden security specialists and rescinded many of those restrictions in the name of "morale". It seems that younger military personnel were complaining that they just couldn't function without Lady Gaga and YouTube on their supposedly secure systems. Of course, now they've had the inevitable leaks as a result. That's the price you pay.
[ link to this | view in thread ]
Re:
It used to be. The problem is that non-technical military commanders have little respect for "geeks". Thus, when a security "geek" does something that the non-tech commander finds inconvenient, it gets changed. And so it did.
[ link to this | view in thread ]
Re: Let me count the ways
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Why Did They Allow It In The First Place
[ link to this | view in thread ]
This has been discussed for years
Among the several reasons that it wasn't then was the simple fact that sometimes you NEED to move data for presentations and such.
It seems from what I have read that there are many more people with access to it now than then.
Also to the people who were commenting on locked access and such. Yes these computers are usually locked up and if not locked are required to be guarded by a human being at all times that they are available. It could be quite a hassle.
Fortunately at the help desk level all I ever saw was the requests for service. My job was just to pass them on to appropriate authority.
[ link to this | view in thread ]
Weren't they already banned?
[ link to this | view in thread ]