A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels, etc.
DOD and Web 2.0 security concerns
July 31, 2009 at 3:19 pm #76933
Why am I NOT surprised! And if DOD pulls it off, don’t be surprised to see some other agencies follow suit.
END OF OPINION
Military May Ban Twitter, Facebook as Security ‘Headaches’
* By Noah Shachtman
* July 30, 2009
The U.S. military is strongly considering a near-total ban on Twitter, Facebook, and all other social networking sites throughout the Department of Defense, multiple sources within the armed forces tell Danger Room.
It’s the latest twist in the Defense Department’s tangled relationship with so-called “Web 2.0” sites. But while earlier social media blockades have been thrown up over bandwidth and secrecy concerns, this fresh ban stems from fears that Facebook and the like make it far too easy for hackers and cybercrooks to gain access to the military’s networks.
Last week, U.S. Strategic Command issued a “warning order” to the rest of the military, asking for feedback on a social media ban on the NIPRNet, the Defense Department’s unclassified network. (Naturally, access is already denied on the secret and top secret nets.)
“The mechanisms for social networking were never designed for security and filtering. They make it way too easy for people with bad intentions to push malicious code to unsuspecting users. It’s just a fact of life,” says a source at Stratcom, which is responsible for securing the military’s “global information grid.”
Last month, for instance, well-known venture capitalist Guy Kawasaki’s Twitter account was hijacked, and used to spread a sex video come-on to his 139,000 followers. Those following the link were asked to install a software update. The application was, in fact, a Trojan, which allowed hackers to take over a user’s machine.
Similarly, one variant of the nasty Koobface worm searches a PC to find a Facebook cookie. Then the malware program uses that information to gain access to the user’s Facebook account. Once it’s in, Koobface spreads messages to online friends, enticing them to download viruses and Trojans.
“People are much more trusting of a message from a friend or colleague on a social network than they are of an e-mail, because they’re used to e-mails being forged,” says Graham Cluley, a senior consultant with the network security firm Sophos. That’s ironic, he adds, because “social networks aren’t really doing enough to stop these things. With GMail or Hotmail or a military e-mail account, messages are scanned for spam and viruses. Social networks aren’t doing that scanning. They aren’t checking if a link posted to a wall is malicious or spammy. They’re just letting it through.”
Officially, “the concept of allowing access to social networking sites (SNS) on the Department of Defense .mil networks is currently under review at this time,” a Stratcom spokesperson e-mails Danger Room. “It would be premature to comment on the outcome of the review.”
But unofficially, the ban is all-but-certain, military officers and civilian employees say. Many are upset, because after years keeping the social networks at arm’s length, the armed services appeared to be finally embracing the Web 2.0 sites. The Army recently ordered all U.S. bases to provide access to Facebook. The Chairman of the Joint Chiefs of Staff has 4,000 followers on Twitter. The Department of Defense is getting ready to unveil a new home page, packed with social media tools.
“We fought so hard for this,” says one Army source. “This is a huge step backwards.”
Under Stratcom’s plan, units that have to regularly communicate with the civilian world, like media relations and recruiting, may be given “dirty computers” — machines that are connecting only to the public internet, and not to the military’s private networks. The rest of the Defense Department would be cut off from the social media sites, despite protests from inside the Pentagon.
People started working with these social networks “before we got a handle on how to use them in the context of the Department of Defense,” a Stratcom source says. “Now, they’re just too big of a headache.”