Information Warfare: The Wrath Of The Worm


September 24, 2009: Last year, the U.S. Department of Defense banned the use of USB data devices (thumb drives) on its computers. This was because it was having more and more trouble keeping hackers out of its private Internet. Now the USB devices are being allowed back, but only new versions that have security built in. Military network software has been modified to recognize the secure USB memory sticks (and similar devices) and to continue blocking unauthorized devices.

The original panic came about when a worm program got onto a secret network via a USB device. The top secret network (SIPRNET, which operates just like the Internet) is available only to people in the military. The problem in question was hacker programs ("worms") that automatically copy themselves to rewritable CDs and DVDs as well as memory sticks. Then, the next time the CD/DVD/memory stick is read by another computer, the "worm" program copies itself onto that computer, tries to secretly take over, and enables hackers to gain access and steal stuff. This stuff is so scary that the military promptly told troops not to use memory sticks on military computers. This caused problems in the combat zone, where there is not a lot of bandwidth (Internet capacity) for moving information around. Troops prefer to keep a lot of stuff on memory sticks. When the troops rebelled against these restrictions, some units physically sealed the USB ports on some machines. But, in the end, the troops won this round.
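Two defender-side checks for the removable-media problem described above, as an added example that is not from the article or from any DoD system: an allow-list check for approved sticks (the "recognize the secure USB memory sticks" approach) and a scan of the Windows autorun.inf file, which is the mechanism (not named in the article) by which a worm on a CD, DVD or memory stick gets launched when the media is read. The approved-device entries and the sample autorun.inf are constructed for the example.

```python
import re

# Constructed allow-list of approved sticks: (USB vendor ID, product ID, serial).
# A real deployment would load this from managed configuration, not a literal.
APPROVED_DEVICES = {
    ("0781", "5567", "4C530001"),   # constructed sample entry
    ("0951", "1666", "E0D55E6C"),   # constructed sample entry
}

# File extensions that, if auto-launched from removable media, warrant a block.
EXECUTABLE_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)\b", re.IGNORECASE)


def device_allowed(vendor_id, product_id, serial):
    """Default deny: a device is usable only if it is on the allow-list."""
    return (vendor_id.lower(), product_id.lower(), serial) in APPROVED_DEVICES


def autorun_findings(autorun_inf_text):
    """Return the (key, command) pairs an autorun.inf would launch automatically."""
    findings = []
    section = None
    for raw in autorun_inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # "open", "shellexecute" and shell\<verb>\command all run a program.
        if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
            findings.append((key, value))
    return findings


def is_suspicious(findings):
    """Flag media whose auto-launched command names an executable or script."""
    return any(EXECUTABLE_EXT.search(value) for _, value in findings)


# Constructed sample resembling the launcher a removable-media worm drops.
SAMPLE_AUTORUN = """[autorun]
; constructed sample, not a real worm's file
open=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\command=RECYCLER\\setup.exe
"""

if __name__ == "__main__":
    print("device allowed:", device_allowed("0781", "5567", "4C530001"))
    print("autorun suspicious:", is_suspicious(autorun_findings(SAMPLE_AUTORUN)))
```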

The Pentagon has had increasing security problems with its internal Internet networks. The Department of Defense has two private Internets (using Internet technology, but not connected to the public Internet). NIPRNET is unclassified, but not accessible to the public Internet. SIPRNET is classified, and all traffic is encrypted. You can send secret stuff via SIPRNET.

These worm programs could do all sorts of damage on the closed SIPRNET, and even presented the possibility of getting secret information off the "secure" net (by copying data to a hacker program that then attempts to copy itself to other memory devices, then to PCs hooked up to the Internet, and finally transmits the secret stuff back to the hacker, or spy.)

Before the Internet came along, programs that automatically copied themselves were a common way for viruses and other malware to get around (slowly, but the stuff did travel that way.) NIPRNET is also vulnerable. Even though the Department of Defense installed new hardware (special routers, for example) and software to increase security, the worms were still getting in.

The military is a big user of the public Internet, and it has discovered that most of the intrusions (hacks and viruses) are the result of poor configuration (not keeping the hardware and software set up correctly to defeat known vulnerabilities), or of not installing patches and security updates in time. The rest of the intrusions come from more mundane problems, like using an easily cracked password, or no password at all. Network security has always been a people problem, and these recent incidents are a sharp reminder of that.

It's easy for troops to be doing something on SIPRNET, then switch to the Internet, and forget that they are now on an insecure network. Warnings about that sort of thing have not cured the problem. The Internet is too useful for the troops, especially for discussing technical and tactical matters with other soldiers. The army has tried to control the problem by monitoring military accounts (those ending in .mil), but the troops quickly got hip to that, and opened another account from Yahoo or Google for their more casual web surfing, and for discussions with other troops.

The Internet has been a major benefit for combat soldiers, enabling them to share firsthand information quickly and accurately. That's why the troops were warned that the enemy is actively searching for anything G.I.s post, and this stuff has been found at terrorist web sites and on captured enemy laptops. In reality, information spreads among terrorists much more slowly than among American troops. But if soldiers discuss tactics and techniques in an open venue, including posting pictures and videos, the enemy will eventually find and download it. The terrorists could speed up this process if they could get the right hackware inside American military computers. But right now, the enemy just googles for useful chatter from Western troops.
