Ramblings of a Professional Computer Geek

December 3, 2008

Virus Affects 75% of Systems on Afghanistan Military Base

Filed under: Linux — Padma @ 4:47 pm

Since I no longer work at USSTRATCOM, I don’t get the early information about these things.  I got this from Linux Today.

One of the things that surprises me, as I read through the links concerning this story, is why usb and other devices were allowed, in the first place.  I worked at HQ SAC/STRATCOM from January 1984 through September 2007.  The first ten years I was working primarily in Computer Security.  I started with mainframes, and was part of the group that shepherded in these newfangled ‘desktop systems’ that had as much power as the mainframes down the hall.

Since all our mainframes were connected to other mainframes, some in worldwide networks, the idea of connecting the PCs to the Internet wasn’t exactly shocking.  But, early on, you had to justify any needed access outside the STRATCOM LAN.  Eventually, as the Internet became all-pervasive, all UNCLASSIFIED computers were automatically allowed access to the Internet.  But a very strict firewall, and very stringent policies kept threats to a minimum.  One of those policies was “NO USB Devices Will Be Plugged Into ANY Computer”.  Systems were locked down to the extent that we had no access to our own C: drives, no access to any devices or drivers.  Even floppy and CD drives were locked out.  All usb ports were locked down. The only usb device allowed was a required smart-card reader, which was used for logging in.  Removing your card would result in locking the screen.  The only way to continue processing was to re-insert your card, and re-enter your pin.  Unplugging the reader would have similar results.

With no physical access available, bringing in usb devices was rather pointless.  But there were specific regulations concerning them, just to be sure.  And if you had IR-communicating devices, like a PDA, well, don’t even bring it into the building.   Attempting to circumvent the security system was grounds for serious disciplinary action.

That was the situation when I left last year.  So imagine my shock when I learned that a few months ago the Commander of USSTRATCOM ordered service members to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware.”  What in the world caused a change to the original policy, anyway?  Then I got to thinking.  I was stationed at Headquarters.  While USSTRATCOM is the DoD agency in charge of information security, units not directly subordinate to it are/were allowed to set their own policies, at least for routine, unclassified systems.  So why would anybody be surprised?

I spent two years in the mid-90s at HQ Armed Forces Southern Europe, in Naples Italy.  My office, in charge of Computer/Network Support,  had to periodically perform virus removal on various systems.  Why?  Because people consistently violated regulations and brought in floppy disks with games on them, that they downloaded at home, to put on their work machines.  (The French Liaison Office was the worst, because they weren’t part of the NATO military command, so we couldn’t really do anything to them for violating AFSOUTH/NATO regulations.)  Basically, given a large enough segment of people, you will have some, no matter how bright in other areas, no matter how dedicated, brave, etc., who will be stupid and put a virus on their machine.  All you can do is try to limit the vectors available.  Don’t let them connect their personal devices to the system.  Don’t let them use IE.  Lock down whatever you can, to keep them from shooting themselves (and everyone else) in the foot.
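The controls described above (USB ports locked down, removable media denied, screen locked when the logon smart card is pulled) map onto standard Windows settings. The script below is an added example, not code from the original post; it audits a single Windows host for those settings and, with `-Enforce`, applies them. It assumes an elevated PowerShell 5 or later session and uses the standard Windows registry locations for the USBSTOR driver start type, the "All Removable Storage classes: Deny all access" policy, and the Winlogon `ScRemoveOption` value; on a domain-joined host these would normally be pushed by Group Policy rather than set locally.

```powershell
# Added example (not from the original post): audit, and optionally enforce,
# the removable-media and smart-card-removal controls the post describes.
# Assumes Windows, PowerShell 5+, and an elevated prompt when -Enforce is used.
[CmdletBinding()]
param([switch]$Enforce)

# Each entry: registry path, value name, expected value/type, and why it matters.
$Checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name = 'Start'; Expected = 4; Type = 'DWord'
       Why  = 'USB mass-storage driver disabled (Start=4)' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name = 'Deny_All'; Expected = 1; Type = 'DWord'
       Why  = 'All removable storage classes: deny all access' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'ScRemoveOption'; Expected = '1'; Type = 'String'
       Why  = 'Lock workstation when the smart card is removed' }
)

# Read the current value (null if the key or value is absent) and compare to the expectation.
function Test-Control {
    param($Check)
    $current = (Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue).($Check.Name)
    [pscustomobject]@{
        Control   = $Check.Why
        Current   = $current
        Expected  = $Check.Expected
        Compliant = ("$current" -eq "$($Check.Expected)")
    }
}

# Create the key if needed and write the expected value with the right registry type.
function Set-Control {
    param($Check)
    if (-not (Test-Path $Check.Path)) { New-Item -Path $Check.Path -Force | Out-Null }
    New-ItemProperty -Path $Check.Path -Name $Check.Name -Value $Check.Expected `
        -PropertyType $Check.Type -Force | Out-Null
}

$results = foreach ($c in $Checks) {
    if ($Enforce) { Set-Control $c }
    Test-Control $c
}
$results | Format-Table -AutoSize

# ScRemoveOption only takes effect while the Smart Card Removal Policy service is running.
$svc = Get-Service -Name ScPolicySvc -ErrorAction SilentlyContinue
if ($svc) {
    if ($Enforce) {
        Set-Service -Name ScPolicySvc -StartupType Automatic
        Start-Service -Name ScPolicySvc
    }
    "ScPolicySvc: $((Get-Service -Name ScPolicySvc).Status)"
}

# Detection angle: Windows keeps an Enum\USBSTOR entry for every storage device ever
# attached, so a non-zero count on a host that should never see one is worth a look.
$seen = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -ErrorAction SilentlyContinue
"USB storage devices recorded on this host: $(@($seen).Count)"
```

Run it without arguments to get a compliance table and the historical USBSTOR count; the audit side is what an administrator would fold into a periodic check, since the post's point is that the policy existed but enforcement was uneven across units.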

I remember, several years ago, listening to a classified briefing on the malware threat at STRATCOM: the types of threat, the volume, the main actors, what steps were being taken to counter it.  I so wanted to just stand up and ask, “Why are you forcing us to use Windows, and IE, then?”  But, of course, you don’t confront your superior officers in public like that.  And my behind-the-scenes, private inquiries went unanswered….



  1. w00t! Shout out to former member of “The fortress on the hill”. I miss it, but I am glad I no longer work in a basement and have to ask permission to take cold medicine.

    P.S. If you do not know why I had to ask permission then you do not possess “the need to know” requirement, lmao.

    Comment by Formerly_In_Blue — December 10, 2008 @ 7:11 am | Reply

  2. I remember being so annoyed by the regulations until I found out how many of our machines in the basement were exempt due to special little waivers that we had to write so that others could also be exempt if they had valid reasons. Some of them being, you are the Brigadier General and you run the freaking show (or at least we let you think you do), being the general’s/colonel’s/Lt. Col.’s office aide, or anyone who cannot get by having us burn more than a hundred CDs for distribution every month/week/day/hour. I so hated those freaking T****** ** ***** Reports! (Ha I bet you thought I was gonna initiate a CMI!) Not likely.

    Comment by Formerly_In_Blue — December 10, 2008 @ 7:43 am | Reply

  3. I do indeed remember having to get permission to take cold medicine. I was PRP myself for many years…. 😉

    And I also remember all the waivers, etc. My unclass machine, facing the internet/’world’, was locked down tight as a drum. On the other hand, on my TS box, I had almost full admin rights, because we couldn’t develop/test with anything less. Of course, there was no connectivity outside the internal LAN, and we still couldn’t write to any device, except on a few designated machines, and you better have a good reason for creating that classified floppy/CD!

    Comment by Padma — December 10, 2008 @ 11:38 am | Reply
