April 16, 2014

Twittering for the Marines

The Marines recently issued an order banning social network sites (Facebook, MySpace, Twitter, etc.). The Pentagon is reviewing this sort of thing across all services. This follows on the heels of a restrictive NFL policy along the same lines. Slashdot has a nice thread, where among other things, we learn that some military personnel will contract with off-base ISPs for private Internet connections.

There are really two separate security issues to be discussed here. First, there’s the issue that military personnel might inadvertently leak information that could be used by their adversaries. This is what the NFL is worried about. The Marines’ order makes no mention of such leaks, and they would already be covered by rules and regulations, never mind continuing education (see, e.g., loose lips sink ships). Instead, our discussion will focus on the issue explicitly raised in the order: social networks as a vector for attackers to get at our military personnel.

For starters, there are other tools and techniques that can be used to protect people from visiting malicious web sites. There are black-list services, such as Google’s Safe Browsing, built into any recent version of Firefox. There are also better browser architectures, like Google’s Chrome, that isolate one part of the browser from another. The military could easily require the use of a specific web browser. The military could go one step further and provide sacrificial virtual machines, perhaps running on remote hosts and shared by something like VNC, to allow personnel to surf the public Internet. A solution like this seems infinitely preferable to forcing personnel to use third-party ISPs on personal computers, where vulnerable machines may well be compromised, yet go unnoticed by military sysadmins. (Or worse, the ISP could itself be compromised, giving a huge amount of intel to the enemy; contrast this with the military, with its own networks and its own crypto, which presumably is designed to leak far less intel to a local eavesdropper.)

Even better, the virtual machine / remote display technique allows the military sysadmin to keep all kinds of forensic data. Users’ external network behavior creates a fantastic honeynet for capturing malicious payloads. If your personnel are being attacked, you want to have the evidence in hand to sort out who the attacker is and why you’re being attacked. That helps you block future attacks and formulate any counter-measures you might take. You could do this just as well for email programs as web browsing. Might not work so well for games, but otherwise it’s a pretty powerful technique. (And, oh by the way, we’re talking about the military here, so personnel privacy isn’t as big a concern as it might be in other settings.)

It’s also important to consider the benefits of social networking. Military personnel are not machines. They’re people with spouses, children, and friends back home. Facebook is a remarkably efficient way to keep in touch with large numbers of friends without investing large amounts of time — ideal for the Marine, back from patrol, to get a nice chuckle when winding down before heading off to sleep.

In short, it’s problematic to ban social networking on “official” machines, which only pushes personnel to use these things on “unofficial” machines with “unofficial” ISPs, where you’re less likely to detect attacks and it’s harder to respond to them. Bring them in-house, in a controlled way, where you can better manage security issues and have happier personnel.

Comments

  1. Christian says:

    I don’t really see what the big deal is about these organizations banning Twitter. I understand that the US would like to keep news about the war silent if at all possible, but what would it hurt for a soldier to give a shout out to his friends and family back at home? I do agree, with all the technology filters that are out there, you would think that they could ban (or filter) any comments that they would think would be inappropriate.

    Christian

    (spammy links deleted)

  2. eee_eff says:

    Instead, our discussion will focus on the issue explicitly raised in the order: social networks as a vector for attackers to get at our military personnel.

    Ok, that means that we have a source of information that we didn’t have before, namely we can learn the identity of an attacker, as well as the timing, which could also be very revealing.

    It reminds me of a story about a couple of bridges the US had blown up in Iraq (this was after the initial attack, during the insurgency). Blowing up those bridges, because they were used by the enemy, deprived our forces of a source of information, namely who takes what over those bridges when.

    Relevant here too is Col Boyd’s definition of insanity:

    Grand strategy, according to Boyd, is a quest to isolate your enemy’s (a nation-state or a global terrorist network) thinking processes from connections to the external/reference environment. This process of isolation is essentially the imposition of insanity on a group. To wit: any organism that operates without reference to external stimuli (the real world), falls into a destructive cycle of false internal dialogues. These corrupt internal dialogues eventually cause dissolution and defeat.

    Let’s insure that our military is as isolated as possible from the reference environment, right???

    (above quote describing Boyd’s thinking can be found here: http://globalguerrillas.typepad.com/globalguerrillas/2004/05/journal_boyd_on.html)

  3. Anonymous says:

    I can understand where the military is coming from. The military since time immemorial is known to screen communication and that’s a good thing. Like you said, loose lips sink ships. I am sure military personnel have methods to communicate with their family. How did they communicate before the age of Facebook and Twitter? Don’t they have access to email which probably goes through appropriate military filters? I would be worried about somebody taking a picture inside a military base and uploading it to Facebook.

    (spammy links deleted)

  4. dwallach says:

    I’ve deleted one purely spammy post. Two of the posts here seem relevant, yet had spammy links in them. What’s going on with that?

  5. games says:

    I don’t really see and understand why these organizations are banning Twitter and other social media…

  6. Anonymous Coward says:

    They don’t want their soldiers realizing they work for an evil empire.
    The internet, and especially social networks, are rife with people openly questioning the official line.