Former Army Intelligence Analyst: “Army security is like a Band-Aid on a sunken chest wound”

Evan Knappenberger, a member of Iraq Veterans Against the War who served in roughly the same position Bradley Manning did (but several years earlier), was interviewed by his college newspaper about my latest obsession, DOD’s network security. (h/t Asher_Wolf)

What kind of access did you have here and in Iraq?

Army security is like a Band-Aid on a sunken [sic] chest wound. I remember when I was training, before I had my clearance even, they were talking about diplomatic cables. It was a big scandal at Fort Huachuca (Arizona), with all these kids from analyst school. Somebody said (in the cables) Sadaam wanted to negotiate and was willing to agree to peace terms before we invaded, and Bush said no. And this wasn’t very widely known. Somehow it came across on a cable at Fort Huachuca, and everybody at the fort knew about it.

It’s interesting the access we had. I did the briefing for a two-star general every morning for a year. So I had secret and top-secret information readily available. The funny thing is, Western’s password system they have here on all these computers is better security than the Army had on their secret computers.

There are 2 million people, many of them not U.S. citizens, with access to SIPRNet (Secret Internet Protocol Router Network, the Department of Defense’s largest network for the exchange of classified information and messages). There are 1,400 government agencies with SIPR websites. It’s not that secret.

[snip]

We basically gave (the Iraqi army) SIPRNet. It’s not official, but if you’ve got a secret Internet computer sitting there with a wire running across from the American side of the base, with no guard, you’re basically giving them access.

Then in every Iraqi division command post, you have a SIPRNet computer, with all the stuff Bradley Manning leaked and massive amounts more.

I could look up FBI files on the SIPRNet. In fact, I was reading Hunter Thompson’s “Hell’s Angels” book, and I was like “this sounds cool,” and I looked up all the Hell’s Angels.

Now, as I said, Knappenberger was in Iraq several years before Manning, before malware was introduced into DOD networks via a thumb drive and the limited response DOD made to that. So this can’t necessarily be taken as a description of what the network was like when Manning allegedly downloaded three databases on a Lady Gaga CD, nor as a description of what it is now (though as Congressional testimony has made clear, DOD isn’t in a big rush to fix its gaping security problems).

But Knappenberger’s account backs up two points I’ve been making: first, the level of security tolerated in DOD is far worse than what you’d find on networks in the States that carry much less sensitive information (he refers to the network at Western Washington University).

Further, one of DOD’s challenges is that we need to share information with our “coalition partners” (in his account, the Iraqi army). No matter how trustworthy they seem, these coalition partners are going to have different motivations than American soldiers (think, for example, how close members of Nuri al-Maliki’s government are to Iran). They may be far more susceptible to approaches from other countries’ intelligence services than your average Army Specialist. And if there are data breaches to foreign government, we (both citizens and our government) may not be learning about them.

And there’s some indication our network security is weakest precisely at those points where we are sharing data. One of the reasons 12% of SIPRNet computers will remain accessible to removable media, after all, is to facilitate sharing of data with coalition partners. While DOD is finally implementing a buddy system to add a level of security at those sensitive computers, that still leaves them exposed to human sloppiness.

With security like this, the data Manning is alleged to have taken simply can’t be called secret. Limited access, maybe. But it’s not even clear we’re limiting access from the people who most seriously shouldn’t have it.

image_print
  1. Xboxershorts says:

    I think the College Newspaper misinterpreted the transcription. I believe the correct phrase is “Like a band-aid on a sucking chest wound”.

      • Xboxershorts says:

        Indeed. And it’s an appropriate analogy…Band-Aid on a sucking chest wound.

        I work for a very large cable ISP and we fire people for playing bootleg media on their company workstations. I personally know 2 people who’ve met this fate. It’s insane that DoD doesn’t or can’t enforce similar policies.

    • irishdave3 says:

      mistaking sucking for sunken is about par for the course…Fort Wah Hooka is located in Arizona, afterall…hell, they don’t know what time it is there…”we don’t need no stinkin Daylight Savings Time”.

  2. harpie says:

    sorry to be o/t already, ew, but have you seen this?:

    The bombing continues until Gaddafi goes; David Cameron, Barack Obama and Nicolas Sarkozy; The Telegraph; 15 Apr 2011

    The Libyan leader will make his country a pariah state. To leave him in power would be an unconscionable betrayal. […]

    Also at:

    http://www.nytimes.com/2011/04/15/opinion/15iht-edlibya15.html

    http://www.lefigaro.fr/international/2011/04/14/01003-20110414ARTFIG00772-sarkozy-obama-cameron-kadhafi-doit-partir.php

    and at al-Hayat

  3. jdmckay0 says:

    They may be far more susceptible to approaches from other countries’ intelligence services than your average Army Specialist.

    Not to mention your avg black box DOD contractor, intent upon “growing” their business…

    And if there are data breaches to foreign government, we (both citizens and our government) may not be learning about them.

    Christ… even when they’re (wiki)leaked, most of our citizens aren’t learning about them.

  4. orionATL says:

    ew-

    repeatedly deleting my logons seems rather childish.

    do i need to take this up with greg levine?

  5. Xboxershorts says:

    Sorta OT also, but…I’m dying to find out if any of the State Dept leaks go back far enough to indict Marc Grossman for any of the Sibel Edmonds allegations.

  6. orionATL says:

    the siprnet security matter explains to me better than anything else why manning is being subjected to markless torture.

    what the dod may want is a guilty plea and no testimony on the sorry security status of their communications system.

    as usual the objective is to keep the public from knowing an embarrassing fact.

  7. Chief says:

    Back to Army security. I did spend 21 years in the U.S. Navy. I have some (limited) understanding of classified info. What I have extreme difficulty understanding is the amount of extremely sensitive data to which an E-3 would have access. E-3 in any branch are not specialists. At best they are “specialists-in-training” and normally they are floor sweepers or carry a rifle.

    And to share this secret, sensitive data with contractors and foreign gov’ts? Stupid in the extreme.

    • irishdave3 says:

      Back in the day, all promotions to Specialist(4) were temporary so the PTB could bust one back to E-3 via Article 15(non-judicial punishment). Manning was an E-4 but following a
      canteen” incident was demoted.

  8. orionATL says:

    well, somebody with access to logon sure does. i cannot stay logged on to this site, and only this site.

    • geraldo says:

      I often have to sign back in again, it’s not a big deal. It’s possible the cookie is being lost or there are some coding issues at the back end regarding session persistence…you aren’t being singled out.

  9. WilliamOckham says:

    Now, as I said, Knappenberger was in Iraq several years before Manning, before malware was introduced into DOD networks via a thumb drive and the limited response DOD made to that. So this can’t necessarily be taken as a description of what the network was like when Manning allegedly downloaded three databases on a Lady Gaga CD…

    We can be fairly confident that the state of network security in Iraq had deteriorated even further by the time Manning got there. Here’s why. Anybody who has been involved in network security knows that, without constant work, network security degrades over time. Especially in high-stress environments, the pressure to “get it done” leads people to compromise, circumvent, and cripple the in-place security measures. The only way to combat that natural tendency is through on-going training, communication, audits, and reviews. In short, you have to build a security culture. In an organization like the military, those efforts leave lots of tracks. If that had been done effectively, we would have seen evidence of it in the Manning charging documents. Instead, there is evidence of omission. The stuff they don’t know is pretty horrifying, from a network security point of view.

    • MadDog says:

      And on top of that, add in 6-9 month “tours” where responsibility for stuff, including IT, gets passed from hand to hand.

      Responsibility handovers are never 100% successful even under the best of circumstances for normal organizations, and in the case of military organizations at war, it has to be even worse.

  10. mzchief says:

    It’s been that since the 1970s when young hacker kids would get in and trawl around. I didn’t do it but I heard about others who did and all they had was a Teletype!

  11. lbjdem says:

    I was surprised at the story around Manning’s alleged inappropriate access of classified material. Not that he had access to it, but he allegedly removed it via a CD/DVD burner.

    Someone I know works at a military installation where they perform equipment maintenance. His computer has a special version of windows that doesn’t have drivers for USB ports – you can plug a thumb drive in but they don’t work. It definitely doesn’t have any removeable media drives. There is no way to get secure information off the computer other than taking a photograph of the screen. Likewise, there is no way to load information except through the keyboard.

    When they need to load digital photographs unto a machine, they have to provide the camera to an IT support person who loads them onto a local network from a separate computer after first checking for malicious software.

    These were not ‘new’ security measures put in place in the last X years. It’s been standard procedure since they’ve had computers connected to networks with secure data.

    My question is why computers with access to SIPR are less secure than those that deal with maintenance procedures on equipment.

    • marksb says:

      I’m guessing because of the decentralized responsibilities and gradual rollout of security procedures. The aim is to get the system up and running in the shortest period, and a PC will work just fine, as long as you have the access key (or whatever system they use to secure the link). We know lots of things were hacked/jury-rigged in Iraq and throughout the military over the last ten years; it would follow that a network would as well. Get ‘er done.

    • emptywheel says:

      Right, as I’ve pointed out, DOD recently testified that their SIPRNet security was lower than their unclassified network.

      There seem to be two reasons SIPRNet has lower security: Much of the network was kluged together as they went to war (and over many years). And they need to have removable media available to get data to some coalition partners (as I said here) and some weapons platforms. So while they’re finally trying to fix that security hole (3 years after having bad malware inserted into their networks), they’re going to leave 12% of all SIPRNet computers accessible to removable media.

      • marksb says:

        So while they’re finally trying to fix that security hole (3 years after having bad malware inserted into their networks), they’re going to leave 12% of all SIPRNet computers accessible to removable media.

        I don’t know why. Compared to most weapon systems, this is the (relatively) easy stuff. Contractors are available to custom-make and ship specific secure boxes pretty much overnight. I’m sure Dell has a nice DOD contract. The obvious need is there, and the secure approach is well documented. It takes someone in charge with the ability to audit and write violations that sit in an officer and commander’s record and have the potential to affect advancement. This is a clear lack of leadership, as the technology is off-the-shelf, and the operational standards are in use in thousands of corporate IT systems and networks, many of them global.
        Sheesh.

  12. marksb says:

    It would be interesting to do thorough research on this, but when I was a crypto tech in ’71, the whole system was secured by using crypto gear, run and maintained by a guy with a Top Secret clearance, and a manual on what to do and not to do. That was pretty much it–we were the Trusted Guys. My ship was never audited and I never spoke to anyone ever that was higher than I and was checking security systems. The whole system depended on the assumption that the guy doing the operation and maintenance was doing it “By the book”.

    Almost twenty years later when I was working for the DOD contractor, the security system was basically the same, depending on individuals that had been through specialized schools or trained in the field, all with TS clearances.

    Now I’m sure there’s more overview and audits, more centralized security authority, as well as activity and key word monitoring on the network and servers. But all that I read here and in the bit of press that addresses this subject indicates that it’s still primarily a trusted-guy approach to security.

    That’s fine as far as operating the system, but there must be a tight security auditing system, pretty much in real-time, and reports that activate constant investigations. Otherwise, you *will* suffer breaches, it’s just the way it is, irregardless of clearances.

  13. NorskeFlamethrower says:

    AND THE KILLIN’ GOEZ ON AND ON AND…

    Citizen emptywheel:

    “First, the level of security tolerated in the DOD is far worse than that what you’d find on netwroks in the States that carry much less sensitive information…”

    That is the telling point for us here…the security technology priority of our government is first and foremost to keep the citizenry ignorant. The wars and international security are a horrible diversion from the looting of the vaults in the treasury.

    So now that we all know this, how do we get the military and the oilagopoly to devour itself before it gets all the rest of us…where is our leverage to use against the beast that is dying anyway? It’s clear that if we don’t get the banksters to turn on the oil cowboys, then we’re all in for a trip back to the Dark Ages.

    KEEP THE FAITH AND PASS THE AMMUNITION, NO COMPROMISE WITH FASCISM!

    • geraldo says:

      Another thing to check is make sure you check off “Remember me” when you log in, otherwise you won’t get a cookie. The cookie is only good for 30 days but I’m not convinced it doesn’t get eaten if you log on from a different computer and move the cookie there instead.

  14. bigbrother says:

    SNAFU Homeland is not secure? Financial industry is beyond corrupt? USA infrastructure has decayed. Climate change is increasingly severe. Frank Zappa called it…
    “Some scientists claim that hydrogen, because it is so plentiful, is the basic building block of the universe. I dispute that. I say there is more stupidity than hydrogen, and that is the basic building block of the universe.”
    Inspite of all this I recommend happiness while doing the best you can to change what we can.

    • NorskeFlamethrower says:

      Citizen bigbrother:

      ROFLMAO…it’s their stupidity that the fascists are tryin ta keep secret from the world, ain’t that God’s big joke on us.

  15. mzchief says:

    Here’s another one. Remember the live feed of the CNN reporter broadcasting when a US missile took out the hotel in the background (Persian Gulf War)? It was finally confirmed to me that MCI and E-Systems coordinated to have that live test demo seen on CNN so the missile maker’s stock would soar (which it did).

  16. Agent420 says:

    Bradly Manning is a national hero. He is being mistreated by people who believe in imaginary friends that tell them to act like enemies of the people. You myth believers need not worry about going to some imaginary place with fire and brimstone (what the fuck is brimstone?) if they don’t mistreat anyone with less Religulous than they do.

  17. KrisAinCA says:

    I could look up FBI files on the SIPRNet. In fact, I was reading Hunter Thompson’s “Hell’s Angels” book, and I was like “this sounds cool,” and I looked up all the Hell’s Angels.

    It was said early on in the Manning case that over 3,000,000 Federal employees had access to the files that were leaked.

    Some secret.

  18. JohnLopresti says:

    There seems to be discontinuity between the network problems discussed in the post; in contrast to some other efforts of the amoebic Bush administration which was promultating policies and programs directed toward strengthening secrecy of many sorts. Consider: Jennifer Mayfield was stamping papers Treat As If Classified xxx; the Bush*s administration was shuttering select EPA libraries to prevent public and researcher access; Bushco launched a reclassification initiative, bringing documents that had been published in the public realm back under a classified access only umbrella. Then there were some of JudyJudy Miller*s own apparently revealing allusions to having seen classified materials in her **investigative** reporting exercises; the latter may have become a pathway for JudyJudy to learn some of the material on the defective network discussed, though she is notoriously reluctant to get explicit about reporter shielded sources.

  19. lettherebelight2011 says:

    Kudos to your article indicating how critical security is to the DOD networks . . . and by implication how egregious and harmful Manning’s conduct was. It is one thing for a foreign power to use its government resources to exploit the vulnerabilities in US security, but it is even more depraved when one of its “heroes” makes a conscious decision to abuse the trust that the military and his superiors gave him and to exploit those vulnerabilities. Makes for a pretty compelling case in aggravation, eh?

    • marksb says:

      Actually, if you have been reading, the point is that the DOD secure network and server system is broken, insecure, and wide open to a stupid-level breach.
      Whatever a person feels about Manning’s access and alleged sharing of secure data, it points up the unacceptable level of Stupid by DOD leadership in securing their Top Secret data.
      In my military experience, back when thousands of warheads were pointed at each other and we were constantly prepared for nuclear warfare, this kind of security breach would have had commander’s heads rolling all the way up to the Pentagon. If it happened today at IBM or Visa, the entire IT leadership would be fired and it would be Big News in the Wall Street Journal.
      It’s unacceptable.

      • lettherebelight2011 says:

        “With security like this, the data Manning is alleged to have taken simply can’t be called secret. Limited access, maybe. . . .” Actually, the author is trying to link the lack of DOD security with Manning’s alleged date mining, either as a defense (legal or moral) or as mitigation.

          • earlofhuntingdon says:

            That’s true, except for the short telecoms equipment towers disguised to look like palms. Harvesting their fruit requires different skills altogether.

            Reminds me of the April 1st announcement that the southern Swiss spaghetti trees had produced a bumper crop for the 1957 season. It was only an average crop; as always, it needed to be cut and harvested before the rains came.

            As with dating, inadvertent mispeaking can distort the meaning of gaping wounds in the chest, but only if that’s what the critic wants to do anyway.

            • PJEvans says:

              I’ve seen cell palms. They’re almost convincing. (So are the better cell pines, but I know of one that looks like it’s a dead cell pine.)

              These days date palms get moved out of the orchards and into landscaping, when they get too tall to harvest. They still bloom and get fruit, though. (Don’t know if it’s any good, but it might be worth renting a small crane to find out, if you have access to a date palm.)

              • earlofhuntingdon says:

                I’ve driven the San Diego to Sedona route through Phoenix. I think part of the stretch through Southern California and maybe western Arizona is called “date alley”. Date ice cream’s not bad; I like fresh dates better.

                • marksb says:

                  Growing up in SoCal in the 50’s with a mom born in Long Beach in 1922 and raised during the depression on a Fallbrook ranch, going out to the desert (which started just outside of Riverside back then) on Route 66 was always an adventure. Sand storms. Overheated ’55 Ford Country Squire wagon. Stops at weird roadside gas stations for a dime coke (ice cold) and an ice cream sandwich. Oh, and the giant plaster dinosaurs. She knew all the cool places.

                  Anyway, out past Palm Springs on the way to Indio stretched acre after acre of date palms, many with little roadside stands. Fresh dates, date products, apple cider in a jug, yum!

                  I like computers and my Prius and digital music, but sometimes I miss those simpler times–plaster dinosaurs and fresh dates from the farm.

                  • earlofhuntingdon says:

                    That sounds like the Old Rte 66, before television Corvettes, before interstates shut off access to towns, villages, produce stands, and roadside rests, complete with dinosaurs. I think the few roadside restaurants that survive still offer adventurous cooking, some of it good, especially if you like it hot and spicy.

                    What I was surprised to see in the desert en route to Yuma, Phoenix and Sedona were the cattle factories. In that climate, even with federally subsidized water, I would have thought it would mean selling barbecued beef on the hoof.

                    • PJEvans says:

                      I was under the impression that 66 went through Barstow and Needles, not Indio and Blythe. I can’t find the route number, though – although it’s interesting that US 99 went from Riverside to Calexico. (That explains some of the stuff I run into at work.)

                    • earlofhuntingdon says:

                      I was probably using Rte 66 generically, as a symbol for pre-interstate highway travel on routes that went through rather than around cities and towns.

  20. Chief says:

    I am curious about your ref to Art 15 NJP. When I was doing it (1958 – 79) the Commanding Officer (O-5 or above) could reduce any E-6 or below in rank at a Captains Mast (NJP). And beyond that, up until about 1967 an E-7 could also be reduced in rank during their first year as a Chief.

    Are all specialist promotions temporary?

  21. marksb says:

    Giant shed-roofed feed lots, water spray, and the innate ability for cattle to adapt to whatever shitty conditions are thrown at them. Whatever, it’s just about keeping ’em healthy enough to get fat and then off to factory.
    Get along little doggies.

    • earlofhuntingdon says:

      Keeping them in the desert along the interstate would reduce the odds of DFH’s and Greenies picketing and objecting to the lifestyle corporations permit Elsie before turning her into a protein-based delivery system for antibiotics and E. coli.