Military bans disks, threatens courts-martial to stop new leaks
By Noah Shachtman, WIRED
"Unauthorized data transfers routinely occur on classified networks using removable media," a military order says.
(WIRED) -- It's too late to stop WikiLeaks from publishing thousands more classified documents, nabbed from the Pentagon's secret network.
But the U.S. military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media -- or risk a court martial.
Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the December 3 "Cyber Control Order" -- obtained by Danger Room -- which directs airmen to "immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET," the Defense Department's secret network.
Similar directives have gone out to the military's other branches.
"Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media," the order adds.
It's one of a number of moves the Defense Department is making to prevent further disclosures of secret information in the wake of the WikiLeaks document dumps.
Pfc. Bradley Manning says he downloaded hundreds of thousands of files from SIPRNET to a CD marked "Lady Gaga" before giving the files to WikiLeaks.
To stop that from happening again, an August internal review suggested that the Pentagon disable all classified computers' ability to write to removable media.
About 60 percent of military machines are now connected to a Host Based Security System, which looks for anomalous behavior. And now there's this disk-banning order.
One military source who works on these networks says it will make the job harder; classified computers are often disconnected from the network, or are in low-bandwidth areas.
A DVD or a thumb drive is often the easiest way to get information from one machine to the next. "They were asking us to build homes before," the source says. "Now they're taking away our hammers."
The order acknowledges that the ban will make life trickier for some troops.
"Users will experience difficulty with transferring data for operational needs which could impede timeliness on mission execution," the document admits. But "military personnel who do not comply ... may be punished under Article 92 of the Uniformed Code of Military Justice."
Article 92 is the armed forces' regulation covering failure to obey orders and dereliction of duty, and it stipulates that violators "shall be punished as a court-martial may direct."
But to several Defense Department insiders, the steps taken so far to prevent another big secret data dump have been surprisingly small. "After all the churn.... The general perception is business as usual. I'm not kidding," one of those insiders says. "We haven't turned a brain cell on it."
Tape and disk backups, as well as hard drive removals, will continue as normal in the military's Secure Compartmented Information Facilities, where top-secret information is discussed and handled. And removable drives have been banned on SIPRNET before.
Two years ago, the Pentagon forbade the media's use after the drives and disks helped spread a relatively unsophisticated worm onto hundreds of thousands of computers.
The ban was lifted this February, after the worm cleanup effort, dubbed "Operation Buckshot Yankee," was finally completed. Shortly thereafter, Manning says he started passing information to WikiLeaks.
Specialists at the National Security Agency are looking for additional technical ways to limit, disable or audit military users' actions.
Darpa, the Pentagon's leading-edge research arm, has launched an effort to "greatly increase the accuracy, rate and speed with which insider threats are detected ... within government and military interest networks."
But, like all Darpa projects, this one won't be ready to deploy for years -- if ever. For now, the Pentagon is stuck with more conventional methods to WikiLeak-proof its networks.
Credit: CNN (www.cnn.com)