Monday, April 17, 2023

Faith in Networks?

By now, you’ve undoubtedly heard all about the recent massive leak of US military documents.  On the off chance that you haven’t, here’s a brief summary from The Guardian website, 
The man believed to be responsible for the leak of hundreds of US defence documents that have laid bare military secrets and upset Washington’s relations with key allies is a 21-year-old air national guardsman based in Massachusetts. 
Jack Teixeira was arrested at his home in the town of North Dighton, Massachusetts, by FBI agents on Thursday. 
Teixeira was the leader of an online chat group who uploaded hundreds of photographs of secret and top-secret documents, according to the New York Times. The online group called itself Thug Shaker Central, made up of 20 to 30 young men and teenagers who shared their love of guns, racist memes and video games. 
Members of the group have told the investigative journalism organization Bellingcat, the Washington Post and the New York Times that the documents were shared on Thug Shaker Central in an apparent attempt to impress the group, rather than to achieve any particular foreign policy outcome. 
The Times said it had seen about 300 of the documents, only a fraction of which have so far been reported, indicating the national security damage could be worse than has been acknowledged.[1] 
Do you grasp the meaning of this?  Our finest military security protocols couldn’t stop a 21-year-old guardsman with a clearance from handing hundreds of secret and top-secret documents to an amateur group of video gamers.
 
Moving on to a seemingly unrelated note, our military continues to accelerate its complete and total commitment to, and dependence on, network- and data-based warfare in lieu of firepower.
 
I’m going to pause a few moments, here, to allow you to make the connection between those two pieces of information.
 
Dum de do … ta da da … yawn … boop de doo …
 
Okay, that’s long enough.  You see the connection, right?  Again, on the off chance someone (likely a US officer of flag rank) has failed to make the connection, I’ll spell it out.
 
We’re basing our entire future warfare capability on networks and data which can be – and are – breached daily.  If rank amateurs can do this, what do you think China, Russia, Iran, and North Korea are doing to us?  We’re just not hearing about it because they don’t release the information they’ve obtained.  I doubt we have a single secret in our entire military that’s unknown to our enemies.
 
What’s going to happen when the war with China starts and we suddenly find that they know every specification on every weapon system we have?  Every strength, every weakness?
 
What’s going to happen when the war with China starts and we suddenly find that they know every battle plan we’ve ever developed?
 
What’s going to happen when the war with China starts and we suddenly find that they’re inside every network and monitoring our intel and communications in real time?
 
What’s going to happen when the war with China starts and China begins inserting fake intel and data into our networks and we can’t tell the difference between real and fake and we don’t know what data to trust and what to avoid?
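That last question, whether a receiver can tell genuine data from injected data, is the one with a partial technical answer, so here is an added example written for this page (it is not code from the post, from any DoD system, or from any real tactical data link). It shows a toy track-report feed with two receivers: a naive one that accepts anything well-formed, and one that verifies a keyed HMAC-SHA256 tag and a monotonic sequence number. The key, the record format and the sample reports are all constructed. The last record in the scenario makes the post's own point: a forger who holds the key passes every check, so integrity protection tells you nothing about a cleared insider.

```python
"""Added example: why an unauthenticated data feed cannot distinguish real
records from injected ones, and what a keyed MAC plus a sequence counter buys.

Illustrative code written for this page. It is not from the post, from any
DoD system, or from any real tactical data link. The feed format, the key
and the sample track reports are all constructed.
"""
import hashlib
import hmac
import json

# Constructed shared key. A real system would provision this through key
# management, never hard-code it.
SHARED_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def _canonical(seq: int, payload: dict) -> bytes:
    # Canonical JSON so sender and receiver MAC exactly the same bytes.
    return json.dumps({"seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_record(key: bytes, seq: int, payload: dict) -> dict:
    """Produce a record carrying an HMAC-SHA256 tag over (seq, payload)."""
    tag = hmac.new(key, _canonical(seq, payload), hashlib.sha256).hexdigest()
    return {"seq": seq, "payload": payload, "tag": tag}


class NaiveReceiver:
    """Accepts anything that parses: real and injected records look identical."""

    def __init__(self):
        self.accepted = []

    def ingest(self, record: dict) -> bool:
        self.accepted.append(record["payload"])
        return True


class AuthenticatedReceiver:
    """Rejects records whose tag does not verify or whose seq is not fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.accepted = []
        self.rejected = []

    def ingest(self, record: dict) -> bool:
        seq, payload, tag = record["seq"], record["payload"], record.get("tag", "")
        expected = hmac.new(self.key, _canonical(seq, payload), hashlib.sha256).hexdigest()
        # compare_digest is constant-time, so the tag check leaks no timing info
        if not hmac.compare_digest(expected, tag):
            self.rejected.append(("bad_tag", seq))
            return False
        if seq <= self.last_seq:
            # A valid tag on an old sequence number is a replay, not fresh data
            self.rejected.append(("replay", seq))
            return False
        self.last_seq = seq
        self.accepted.append(payload)
        return True


def run_feed_scenario(key: bytes = SHARED_KEY) -> dict:
    """Constructed scenario: two genuine reports, one injected without the key,
    one replayed, and one forged by someone who holds the key."""
    genuine = [sign_record(key, 1, {"track": "A1", "pos": [12.0, 45.0]}),
               sign_record(key, 2, {"track": "A1", "pos": [12.1, 45.2]})]
    # Attacker without the key copies the format and invents a tag
    injected = {"seq": 3, "payload": {"track": "A1", "pos": [99.0, 99.0]}, "tag": "00" * 32}
    replayed = dict(genuine[0])
    # Insider with the key: the MAC cannot help here
    forged_with_key = sign_record(key, 4, {"track": "A1", "pos": [99.0, 99.0]})

    naive, auth = NaiveReceiver(), AuthenticatedReceiver(key)
    stream = genuine + [injected, replayed, forged_with_key]
    return {
        "naive": [naive.ingest(r) for r in stream],
        "auth": [auth.ingest(r) for r in stream],
        "auth_rejected": auth.rejected,
    }


if __name__ == "__main__":
    print(json.dumps(run_feed_scenario(), indent=1))
```

Running the file prints what each receiver did with the five records. The naive receiver takes all of them; the authenticated one drops the fabricated tag and the replay but cannot distinguish the key-holder's forgery from real traffic, which is exactly the insider case the post is about.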
 
 
If we can’t keep some amateur video gamers out, do we really think we can keep China out?  And, if we can’t keep China out, why are we basing our entire future military capability on an unsecured, wide open network(s)?
 
The most vulnerable aspect of our military is our networks so, of course, we’re building our entire future warfare capability around them.  What’s wrong with this picture?  Ask Battlestar Galactica what’s wrong with networks!
 
At this moment, some of you are still in denial and believe that our networks are secure.  Well, can you name a single major network that hasn’t been hacked recently?  How many times have you received notice that your personal data may have been compromised?  The conclusion is inescapable:
 
There’s no such thing as a secure network.
 
Definition of a network:  An electronic information system that aids hackers in the access and theft of information by organizing and storing it in large, central, easy to access data files.
 
 
 
______________________________
 
[1] The Guardian website, “Pentagon leaks: US air national guardsman, 21, identified as suspect”, Julian Borger and Manisha Ganguly, 13-Apr-2023,
https://www.theguardian.com/us-news/2023/apr/13/pentagon-leak-suspect-close-to-being-caught-says-joe-biden

39 comments:

  1. Like 1943's Operation Mincemeat, this "leak" is fake.

    Why should we dance with them? I am not interested in reading anything from this "leak".

    Replies
    1. Do you have any evidence to support this?

    2. You've made a statement that is directly contradicted by the Pentagon which has acknowledged the leaks. Provide some evidence to support your claim or retract it as unfounded.

    3. Former CIA officer Larry Johnson thinks it's a White House op, blaming a white gun nut, someone Biden promised to rid our military of. Nothing that bad was revealed, and nothing new to those who follow war news outside the corporate media. Johnson noted that two documents were internal CIA documents, that DoD has no access to.
      https://sonar21.com/very-active-podcast-day-with-judge-napolitano-and-gonzalo-lira-talking-leaked-classified-documents/



    4. "Can we really trust"

      Comment deleted. This is not a conspiracy blog.

  2. I'd recommend that units start training to doctrine, and learning to understand "Commander's Intent", yesterday. Because the idea that we will have secure networks is composed mainly of pixie dust and unicorn farts. We absolutely have to know how to fight and how to work in small to large groups without having to discuss it.
    Of course, first we need to have a solid doctrine and I'm not sure we do anymore, so that'd be a place to start.

  3. From everything I've read, this data leak had little to nothing to do with networks, and everything to do with physical security.

    Information security has many layers, and physically securing your data is just as important as making sure your networks follow best practices.

    If a low-level individual can walk out with documents, or photographs of documents, then you have a real physical security issue. That is apparently what happened. It obviously shouldn't have, and we have known since the dawn of time how to keep this from occurring.

    As far as networks go, I am not a fan at all of the substitution of data for firepower, but you can go a long, long way to keep your data secure and available only to those with a need to know. I have no idea how effectively this is being done, and with an organization as big as the DoD I suspect it runs the gamut from excellent to awful.

    Replies
    1. One report I read indicated that the documents were photos taken of screen grabs (networked data) and printouts (physical security). I've seen no verification, yet.

      The reports that have been made public of foreign cyber-attacks/hacks of our DoD networks suggest extensive penetration especially when you figure that most attacks/hacks are not publicly revealed. For practical purposes, our networks have no security. Yes, they may stop a teenager who's screwing around (although it didn't stop these video gamers!) but they won't stop dedicated foreign cyber-attack specialists. Remember, even a 99% prevention rate is still a 100% failure.

    2. As I understand it, bellingcat broke the story. The article can be found here.
      https://www.bellingcat.com/news/2023/04/09/from-discord-to-4chan-the-improbable-journey-of-a-us-defence-leak/

      If I'm reading it right, the reference to screen grabs refers to grabs from earlier servers where the leaked documents were posted. I'm getting the feeling that the whole thing was about a 21 year old trying to prove how cool he was to his friends online, and he physically stole a bunch of documents, photographed them and posted them.

      The fact he was able to walk out of a presumably secure facility with his pockets stuffed full of goodies is truly terrifying.

      Al Jazeera has a pretty good article on this too.
      https://www.aljazeera.com/news/2023/4/11/pentagon-intelligence-leak-heres-what-you-need-to-know

    3. Let's see if they hold a commissioned officer accountable, and not pretend an E-3 is superman. Who was in charge of security? Will a Colonel be fired and ousted? Some say he had access as a tech. Really, our top secret systems are managed by an E-3 reservist who hadn't attended college?

      Probably grabbed stuff while disposing of the burn bag and shredding. I once worked in a secret facility that only officers could access, and we had to clean and vacuum our own office areas and dispose of our own trash. That was wise.

      This is the same issue as when E-2 Bradley Manning leaked stuff. Limit top secret access to E-5s and above, more mature servicemen who already reenlisted to show they like the military and want a career. Half of first term enlistees are still teenagers and disgruntled.

    4. Limiting TS to E-5 and above will make things difficult for small commands, especially the comms people.

      Comms folks are required by Navy HR policy to be TS eligible and most likely have their TS active in most commands. From experience, if a comms person doesn't have a TS, they are totally useless because the nature of the work involves handling TS material on a constant basis. Also, the comms people will most likely control a safe that can store TS material.

      Comms people have been leakers as well, the most infamous was Johnnie Walker.

      If you want to restrict TS to E-5 and above, then you would have to radically redesign how the Navy does business. It may require overmanning the comms E-5 folks.

  4. Though the ability to have a fantastic shooter-to-target network is an awesome thought, it is something that should breed the words "redundant stand-alone ability" right alongside it. The FCS experiment the Army did, which in many ways has led to them being potentially the most cost effective/efficient user of R&D leading to modernized weaponry without failure (after being the worst by far), should be a warning. Networking multiple things together is often harder than simply jamming them or, far more sinister, spoofing them or leading to outright taking control of them (see the Air Force losing an RQ-170 to Iran, not exactly Red China on technology). It then often leads to the famous phrase that we'll need less of x, y and z because of how much more efficient we'll be. In the Army's case it was we don't need a 70 ton tank, now we will see them way in advance and we can have 20 ton speedy tanks with hardly any protection (wrong). A giant network linking assets is great again, but the thought it can't be hacked/spoofed/jammed is foolhardy, and when you look at the test results very rarely will you see anything brought up that it was done while a fleet of hackers and jamming vehicles of multiple types on land/air/space were attacking the networked effort. And the more you radiate, the easier to track. On the other end, you can get more with cheaper assets (note not fewer weapons; in fact you may need more due to cheap asset failure, aka $5 mil drone versus $75 mil human-controlled fighter), and the numbers can be networked for overwhelming response. I think, in a humble opinion, that is why you hear so much on AI: at some point you need the cord cut, and you send the so-called killer asset on its own with no ability to stop it once sent to find its target.
    The other part that does seem problematic: there is a difference between linking some Marines on an island to shoot their ASMs at a Chinese destroyer beyond their own radar range with something sent from a longer range radar, say a ship or airborne or space asset, versus what looks to be a highly centralized "Pentagon-like" hub controlled by some modern day McNamaras. The last thing we need is another hub 5,000 miles plus away with more bureaucratic overhead to meddle and control. No, no, no.....

  5. There are huge trade offs between complexity and security. There are networks that are difficult to break (see Bitcoin) but they are usually very simple with limited data throughput.

    So the best networks end up being something like LINK-16. The LINK-16 everything strategy going on in the background seems a lot more sensible than these high throughput networks that only encourage unit micromanagement.

  6. The base in question at least has some serious security issues. The stolen data should be handled in a SCIF where no phones should be allowed; printers should be controlled the same as external drives. It could be worse if the data was handled via SCIF but the system administrator could access it with his workstation outside the secure facility. Where I work the system administrator sees the data being there, but can't access it. He has to run the network and troubleshoot the software but has no need to know what's in the files, except in those cases in which the data inside the files causes problems. And I don't work with data subject to some sort of classification. While working in an intelligence unit requires a security clearance, the system administrator needs it for the security protocols, networks and so on, but he doesn't need to know the content of the data that is on the network.

  7. I seem to remember that code breaking, the cyber of its day, was an important key to defeating Germany and Japan in WW2. Our success in the Battle of Midway was the result of breaking Japan's JN25 code and deciphering Japan's intentions to attack Midway.

    Actually, I'd say this is an instance of where our "finest military security protocols couldn’t stop" a cleared individual from leaking classified information to "an amateur group of video gamers."

    And, the alleged leaker didn't do this for money or for a woman, nor was he coerced into this. He allegedly did this to impress his gamer friends. There appears to be a maturity issue here as we are apparently giving Top Secret security clearances to children and not adults.

    Replies
    1. Anyone working in a Comm Center is going to have a TS clearance. I had mine at 19 so we've been doing this for 50 years plus. OTOH, I never had the urge to leak classified documents to impress my friends.

    2. I think this is a different issue in general. While certainly it is much easier to blame the maturity issue in the military, I think the bigger problem is how mental health in the military is at an all-time low. This kid is clearly an extreme example of it: isolation from friends and family because of his job, and lonely because the higher-ups and his team clearly don't care what he does, since he seems to have been able to do this over a period of time. He is definitely in a dark place and clings to the only way out, his Discord "friends" who show some care towards him. These kinds of people are not unique in the (current) military, just in varying stages and motivations. I could name at least 4 people like this in my NG unit alone and I assume there are many more as we look for them.

      That's also what happens when leadership doesn't care about the enlisted and all the smart and patriotic kids either ETS early or never join in the first place. We are literally scraping the bottom of the barrel here.

    3. The problem IMO is that far too much stuff in the military requires a TS clearance, so everything just gets blanket TS classification, and then the ACCESS to the info isn't properly controlled.

    4. So you're saying that information would be more secure if it wasn't classified????

    5. "So you're saying that information would be more secure if it wasn't classified????"

      The lack of a "Top Secret" label will make it less eye-catching, allowing such files to "hide in plain sight." It's a trick Kelly Johnson, who setup Skunk Works for Lockheed, often used to keep "top secret" info SECRET.

    6. "So you're saying that information would be more secure if it wasn't classified????"

      When everything is classified Top Secret, and thus even a dumbfuck private needs to get a TS clearance, then as a practical effect, nothing is truly classified. Therefore, to maintain security, you have to put more effort on compartmentalisation and controlling access. My point is that the military relies too much on classification, and not enough on controlling access to information.

    7. "hide in plain sight."

      So, to take your theory to its logical conclusion, the best security system would be to place critical documents on billboards across America?

    8. "My point is that the military relies too much on classification, and not enough on controlling access to information."

      Okaaaaay ... Classification is a separate issue from security and security is the subject of this post. Do you have a suggestion for improving security?

    9. "The lack of a "Top Secret" label will make it less eye-catching, allowing such files to "hide in plain sight." It's a trick Kelly Johnson, who setup Skunk Works for Lockheed, often used to keep "top secret" info SECRET."

      I don't think that works anymore in the digital age.
      You could have indeed hidden important information by simply shoving an unimportant-looking document among a bunch of other irrelevant files and it might have gone unnoticed, but times have changed.

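Two comments above, comment 6 (the system administrator who can run the network but cannot read what is on it) and reply 6 in this thread (the military relies on classification and not on controlling access), describe the same mechanism. The following is an added example written for this page, not code from the blog, from DoD policy or from any real system: a lattice-style check in which a reader needs both a dominating clearance level and every compartment marked on a document, plus a sysadmin role that permits maintenance actions without granting reads. The levels, compartments, documents and people are all constructed. The final case strips the compartments to show that with blanket "TOP SECRET" labels, a TS clearance reads everything.

```python
"""Added example for this page: why a "Top Secret" clearance by itself should
not open a document, and how a sysadmin can run a system without reading it.

Illustrative only. It is not from the blog, from DoD policy, or from any real
access-control system. The levels, compartments, documents and people below
are constructed.
"""
from dataclasses import dataclass

# Hierarchical levels: a subject's level must dominate the document's level.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Maintenance actions the sysadmin role may perform without seeing content.
MAINTENANCE = frozenset({"backup", "restore", "rotate_keys", "check_integrity"})


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know markings


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Label
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Document:
    doc_id: str
    label: Label


def read_allowed(subject: Subject, doc: Document) -> tuple:
    """Lattice check: the level must dominate AND every compartment marked on
    the document must be held by the reader. Returns (allowed, audit_reason)."""
    if LEVELS[subject.clearance.level] < LEVELS[doc.label.level]:
        return False, f"{subject.name}: clearance below {doc.label.level}"
    missing = doc.label.compartments - subject.clearance.compartments
    if missing:
        return False, f"{subject.name}: no need-to-know for {sorted(missing)}"
    return True, f"{subject.name}: read {doc.doc_id}"


def action_allowed(subject: Subject, doc: Document, action: str) -> tuple:
    """Reads go through the lattice check; maintenance actions need the
    sysadmin role and deliberately do not grant content access."""
    if action == "read":
        return read_allowed(subject, doc)
    if action in MAINTENANCE and "sysadmin" in subject.roles:
        return True, f"{subject.name}: {action} {doc.doc_id} (no content access)"
    return False, f"{subject.name}: {action} on {doc.doc_id} not permitted"


def readable(subject: Subject, docs) -> list:
    """Document ids the subject may read, in the order given."""
    return [d.doc_id for d in docs if read_allowed(subject, d)[0]]


# Constructed documents: two TS documents in different compartments, one SECRET.
DOCS = [
    Document("ops-plan-7", Label("TOP SECRET", frozenset({"FOXTROT-PLANS"}))),
    Document("src-tech-2", Label("TOP SECRET", frozenset({"SI"}))),
    Document("logistics-3", Label("SECRET")),
]
# Constructed people: a TS-cleared analyst read into one compartment, and a
# TS-cleared sysadmin read into none.
ANALYST = Subject("junior_analyst", Label("TOP SECRET", frozenset({"SI"})))
SYSADMIN = Subject("sysadmin", Label("TOP SECRET"), frozenset({"sysadmin"}))


def run_access_scenario() -> dict:
    """Compare compartmented labels with the 'everything is just TS' case."""
    # Same documents with compartments stripped: blanket TS classification.
    blanket = [Document(d.doc_id, Label("TOP SECRET")) for d in DOCS]
    return {
        "analyst_readable": readable(ANALYST, DOCS),
        "sysadmin_readable": readable(SYSADMIN, DOCS),
        "sysadmin_read_plan": action_allowed(SYSADMIN, DOCS[0], "read")[0],
        "sysadmin_backup": action_allowed(SYSADMIN, DOCS[0], "backup")[0],
        "analyst_backup": action_allowed(ANALYST, DOCS[0], "backup")[0],
        "blanket_ts_readable": readable(ANALYST, blanket),
    }


if __name__ == "__main__":
    for key, value in run_access_scenario().items():
        print(f"{key}: {value}")
```

With compartments in place the analyst reads only the SI document and the SECRET one, and the sysadmin can back up the plan without being able to read it; with the compartments removed the same TS clearance opens all three, which is the "nothing is truly classified" outcome described in the thread.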
  8. "Do you grasp the meaning of this? Our finest military security protocols couldn’t stop an amateur group of video gamers from accessing hundreds of secret documents."

    The amateur group of video gamers had access to these documents because they were leaked by a member who had access. This is not, alas, a new thing:

    https://www.encyclopedia.com/politics/encyclopedias-almanacs-transcripts-and-maps/sex-secrets-scandal

    https://www.upi.com/Archives/1988/01/25/Embassy-Marine-convicted-in-Moscow-scandal-honorably-discharged/5094570085200/

    The US Embassy Sex for Secrets scandal is literally older than Jack Teixeira.

    Replies
    1. My point is that this is not a new phenomenon. At the end of the day, people are still motivated by MICE - Money, Ideology, Coercion, Ego.

      In Teixeira's case, the security protocols worked - to a point. They kept the amateur gamers and outsiders out. The problem is that Teixeira bypassed those security protocols from the inside (because he was an insider, like the Sex for Secrets Marines, like Manning, like Snowden), and leaked secrets for internet clout - i.e. the Ego motivation.

      This is not a new thing, really. It's been going on since the Cold War. The problem is that thanks to 20 years of the GWOT, the US military's counterintelligence focus has atrophied massively.

      And of course there was the Fat Leonard scandal that gutted 7th Fleet's leadership, where Francis Leonard literally had up to date intel on 7th Fleet's movements and could direct the movement of ships for port visits. There's a hell of a lot that an attacker can do with that information.

    2. Um ... okay ... aside from that brief historical summary, do you have a point to make? "Not new" is not exactly an astounding revelation!

  9. Networking assumes spectrum too

    https://breakingdefense.com/2023/04/international-meeting-could-imperil-pentagons-radar-intel-gathering-systems/

    -LP

    Replies
    1. For example, in the context of Cooperative Engagement. Not only is there the issues of network security, information trust, jamming, EMCON concerns, etc, etc....

      There's also the general problem of the ever-growing "electromagnetic soup".

      Granted the article is generally focused on radar, it seems plausible for network interference to become just as big a factor as security itself.

      Seems to make CEC nodes a bigger target the more they have to scream over other sources competing for spectrum.

    2. "Seems to make CEC nodes a bigger target the more they have to scream over other sources competing for spectrum."

      I'm not quite sure what you think CEC/Link 16 is competing with. Aegis SPY-1, for example, operates in the S-band range of 2-4 GHz which is far from the Link 16 radio frequency band of 960–1,215 MHz.

      Is there a specific interference you're concerned about?

  10. What struck me most after reviewing some of the leaked pages is the absolutely pitiful quality of the intelligence material they contain, which is supposedly part of a briefing a few weeks ago for or by the Chiefs of Staff.
    I mean if TS information can be confirmed from OSINT, it's not exactly TS, right, so I'm thinking that there has to be more to this than meets the eye (or at least I hope there is, otherwise things must be even worse than we already think they are).
    Apart from the semi-comical nature of the leaks, the most embarrassing part of the whole farcical business imo is the fact that it's now pretty clear that we have little or no idea of what the Ukrainians are about, except what they choose to tell us or what we can learn from spying on them and bugging their phones etc., and once across the Poland Ukraine border the tens of billions of dollars of US military aid and equipment we're supplying just disappear into some sort of black hole.
    Given that we know how corrupt these guys are, and the security risk if some of the thousands of MANPADS we've given to Ukraine go astray, this is a long way south of what should be an acceptable use of US taxpayers' money.

  11. With a little passage of time, what is becoming clear out of the soup of Ukraine is that our reliance on GPS is a serious weak link. Russia is growing in capacity to jam signals.

    Using their lessons learned, which will undoubtedly be sent to China, means ALL electromagnetic signals are going to be seriously degraded in a war.

    Russia just showed China our Achilles heel!!

    Replies
    1. " becoming clear out of the soup of Ukraine is that our reliance on GPS is a serious weak link."

      I'm not disagreeing but do you have any verified facts to support that statement?

  12. This isn’t really a surprise considering it was expected and I really don’t trust the news but this has been reported over multiple sites.

    The other factor, according to the document, is that suspected Russian GPS jamming has gotten in the way of JDAM-ER operations and has caused some misses, which it says has happened before with Ukraine's guided multiple launch rockets (GMLRS).


    Source material. https://www.businessinsider.com/russian-jamming-maybe-interfering-us-bomb-kit-ukraine-leaked-documents-2023-4?amp

    I would expect that if GPS is now vulnerable, any satellite or ground based signal is compromised and prone to interference.

    Replies
    1. You need to learn how to read an information source and assign a level of credibility to it. For example, from the source you cite,

      ""However, the Director of the Joint Navigation Warfare Center (JNWC) stated based on their analysis, GPS jamming should not have affected the JDAM-ER strikes based on target location compared to active Russian jammers, but other factors may have prevented the JDAM-ER from acquiring GPS signal," the Pentagon document notes."

      Note that the US claims GPS should not have been affected but that OTHER FACTORS may contribute to misses. If true, that's radically different than GPS being 'jammed/spoofed'.

      Also, note the extremely small sample size:

      "At the time of the document's publication ... Ukraine's air force had dropped at least nine JDAM-ER bombs against Russian targets, but four of them appear to have missed due to Russian jamming."

      Nine bombs is way too small to draw any valid conclusions.

      Finally, note this,

      "Insider was not able to independently verify the contents of the document."

      So, what does that leave us with? Claims and counter-claims, a very small data sample size, and lack of verification. What that tells you/me is that this is interesting but a long, long, long, long, long ways from proof. It's far more speculation than fact. We can't even call it well founded speculation. It might be true but it equally might not.

      I would normally delete your comment as unfounded but this serves as a good 'teaching' moment about assessing sources and credibility.

      I offer this comment as education about assessing sources, not as criticism of you. I hope you'll accept it as such and apply the lessons of critical analysis of sources to your future reading.

    2. It’s been a few decades since I did some engineering on GPS receivers for bombs. But jamming and spoofing the signal has always been an issue

    3. And that may - or may not - be applicable in this case.

      One of the ways I try to make this blog a cut above is that I strive to separate speculation from fact and this is a good case study in that effort. Just because something MIGHT be happening doesn't mean that it is happening. Without proof, this is just speculation.

