2007 Regrets
8 years ago
Between Dec 2006 and Jan 2008 I was a help desk/system admin working as a sub-contractor for the Department of Defense responsible for maintaining both PCs and networks in both non-class and classified environments (NIPR/SIPR). I was in Bishkek, Kyrgyzstan working on Manas AB, an Air Force base that transitioned troops and supplies to and from fields of operation in Afghanistan.
There's been something that's bothered me for the past decade, and I wanted to get it off my chest: the US Government can be strangely amateur when it comes to OpSec.
The US government held annual and bi-annual bazaars on base where they'd invite the local community to sell their wares on US military bases. This includes pirated copies of operating systems (Windows Vista), Microsoft Office, the latest games, and movies. All pirated. All at insanely cheap prices (about $5).
These were all sold to members of the US Air Force and Army, government officials, as well as US contractors. And often were laden with viruses, malware, and other nasty shit. Most of the pirated material was Russian in origin. And yes, it was all going to the troops on the forward lines.
When I worked the help desk I'd often have troops come in and complain that their personal laptop was infected with viruses and other nasty shit that was rendering their machines unusable. And there was nothing I could do about it because it wasn't a DOD machine, and thus it wasn't my responsibility. I couldn't touch them due to liability issues. Meanwhile, the machines of soldiers on the front lines were being infected with malware. The best I could tell people was to wipe their devices from a recovery disc (if they even had one -- most didn't). Due to liability
I brought this up to JAG and the 376th AF Comm Ops Lt. Col at the time as a concern. Not only were these bazaars selling compromised software but even Green Beans Coffee (a Starbucks-like coffee shop found on almost every military base) was selling counterfeit iPods, flash drives, and other devices to our troops. And nobody cared. Our internal network was flooded with pirated games, movies, music, and more. AND NOBODY CARED THAT IT WAS ON THE GOVERNMENT NETWORK.
"Copyright doesn't apply to war zones," I was told. In fact, I was even told these software packages provided "excellent savings opportunities" to our troops, despite the fact that they were often pirated, counterfeit, or piggybacking viruses/malware. I tried to stop it but didn't go far enough.
In retrospect, I wish I had made a bigger stink about it and said something. While nothing bad may have ever come from it... I still felt bad that this was something that ever occurred in the first place, and I didn't do more to stop it.
I just needed to get this off my chest.

Hell, the company I worked for at the time ran a pirated movie station which broadcast films over the air. I refused to have anything to do with it because I felt like it was a giant legal landmine waiting to explode. I was often ordered by higher-ups to fix the movie channel but would outright refuse. I didn't want to be complicit in its operation. Anyone could bring in a DVD, the team would rip it, convert it to DivX, then add it to the channel rotation. The government invested hardware into supporting the pirated movie station. Not a lot, but they definitely paid for it.
I don't think I raised a bigger stink at the time because I was concerned about my job because my paychecks were pretty much the only things paying for FA.
They all kept repeating this "copyright doesn't apply to war zones" mantra over and over, and I could never find further verification. Plus I was worried if I lost my job FA would die because I'd have no way to make payments at the time.
Patching the problem is easy. The performance drop may be something else.
But honestly that is something that bugs me most about modern PCs.. let's not optimize the code... let's just throw bigger chips at it..
(it makes me think back to the days of 8-bit coding.. where every cycle and every byte of ram were important and sacred.)
it's just.....SAD. we could do so much better XvvvvX;;;
First, you don't have to spend the resources to determine what has become OK to declassify and what still needs secrecy. Instead you can work from a standpoint of, "if someone asks, we can consider it later," to declassify things that are safe to do so and which will actually matter.
Second, keeping only the stuff that needs ongoing secrecy classified reveals that that stuff is somehow still important. For instance, if you have a bunch of semi-clandestine flights¹ heading into an area and ten years later all but one is declassified it brings up the question "what about that one flight is still going on?"
1: As in the fact that there were flights from Semifriendlynation in the direction of Mostlyhostilestan has long been known because that's not really possible to hide without a huge secure facility, but exactly where they went and what they did isn't known.
Although I did see plenty of people lose their clearances.
This is one of those stories: http://www.furaffinity.net/journal/8336691/
I mean, granted, those commercials are like every 20 minutes, but still. XD
It created soooo many problems.
The fact that they had to pay for any of it in the first place is fucking insulting. They're protecting us and we can't buy them entertainment for their downtime. Shame!
Although, one of the cool things I got to do when I was in Kyrgyzstan was design and build out a LAN cafe for the troops. I was in charge of the budget, picking out rigs, specs, gear. The whole nine yards. Was fun as hell to negotiate with companies and go "The troops need some awesome gaming machines to play on. What can you do for me?" and having companies poop out massive discounts. XD
cause definitively that's one thing that should NEVER happen in any way shape or form
also, even if the tech wasn't legit, were there other things it could be used for?
Half the reason people were buying pirated movies, games, and software is that when you're on a military base in a deployment zone it's boring as fuck during the downtime. They could have repurposed a bit of the money. But, eh, I'm not in charge of those things. I was the IT and systems guy. =P
I remember the logistics guys saying that each lobster cost about $50 when you factored in the purchase price, transport, and storage costs. Then factor in that they made 2,000+ of 'em every Sunday... you can do the math. And that's just on the lobster.
And yet they would get on me for actually you know, buying stuff from legit retailers and then having it sent to the ship. Gamestop may kinda suck but they were still able to deliver a copy of HAWX to a Navy vessel in the middle of the Pacific, so good on them for that.
Way back in the late 90's the US Army had a NOC in USAREUR, and when the NOC detected you doing shit you weren't supposed to be, they'd send you emails like "The Green Dragon is watching." and send you a link to the intra/internet mil.net regulations.
I used to want to summon the Green Dragon in spirit when I saw people streaming shit from the network. I could see everything they were doing, every file they had open, and everything they'd touched. I was always tempted to call up people and be like "Really, Airman Smith? Sex in the City? I knew you were a Samantha."
Right there with you, 'Neer! Wuff's Author has been working on secure military systems since '84, and in "normal" military systems since '75. There was SOME excuse, 'way back in time, for management not understanding the vulnerabilities these sorts of things carried. Early, it was knock-off parts and not software. Then we started having planes fall out of the sky because some imitation knock-off bolt sheared because it was crap metal instead of aircraft-grade. And when folks started dying and missions were failing, only THEN did the bureaucratic managers start to take interest. And it didn't matter what the line level supervisors (let alone the common 'grunts') were reporting before that.
Then we moved from hardware-centric systems to software-based flexible computer power. But the same managers refused to put safeguards in place until PROOF of embedded backdoors and other vulnerabilities in the chips and ROMS were revealed.
But they STILL won't learn!
We moved the STUXNET worm into an isolated network from someone "sneaker-netting" it aboard in a personal system. We have hundreds of penetrations on our supposedly "secure" networks. And we STILL have folks trying to get around safeguards, such as not reporting connections between classified and unclassified networks because those connections aren't "data lines". They're "signal and RF" so they're not IT consideration. Funny, Wuff sees LOTS of data coming down his RF paths! But we don't need to worry about infiltration or cross-contamination of the classified systems from the unclass, or leaks of classified out the unclass/unprotected access? Because we don't have an Ethernet link between them?
But that would be "inconvenient".
It really comes down to money, mostly, these days. Some would LIKE to do more, but when the budget has been so slashed that even the point of the spear is grounded due to lack of parts, training, flight time, etc., then spending money on more esoteric threats falls WAY down the priority list.
Have never seen anything so blatant though, as what you described! That's beyond stupid into gross, willful negligent disregard. It's literally criminal. And the potential damage to the mission and security is extreme. Pity you didn't drop an anonymous call to the IG, ORI, or appropriate AIS folks. Perhaps nothing would have come from that either, but without the trigger, it's sure nothing will.
There was just no consideration for network security, and I even had people yell at me when I hunted down and blew the shit away. Like, I don't care if people pirate. Do whatever you want. That's on you. But don't be a mook and upload your shit to a government network and risk damaging the base.
And yet somehow I was the bad guy for thinking like that.
Never pre-order and never buy from bazaars (unless you pirated it yourself and know what you're doing).
I told your story to my roommate, in a similar position doing Admin work in Korea. He said that not much could've prevented what happened; that the superiors are aware of this and are often coordinated with the virus-makers themselves.
Kinda reminds me of a chapter in Catch-22 when the cook at the base is hired by the Nazis to bomb his own base. And he does. And he's back at work the next day as if nothing happened ♥
And you know, you did all that you could at that moment to make things right.
It's a very big risk to buy and use a pirated copy of Windows (virus, malware, etc.)
I don't know, even if you use some good programs like Bitdefender (paid version) I do not know if you will really be protected against.
Use a pirated copy of Windows? Well, maybe? Why not? But WITHOUT internet I think...
The problem (I think) with Linux,
for the gamer, you can say (farewell) to many games.
It's a nice operating system for working.
Also, they switched their eMail system from Novell GroupWise to Microsoft Exchange