Today's award goes to the US armed forces in Europe, particularly those personnel involved with the security, storage and handling of nuclear weapons. Bellingcat reports:
For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored.
. . .
... the flashcards studied by soldiers tasked with guarding these devices reveal not just the bases, but even identify the exact shelters with “hot” vaults that likely contain nuclear weapons.
They also detail intricate security details and protocols such as the positions of cameras, the frequency of patrols around the vaults, secret duress words that signal when a guard is being threatened and the unique identifiers that a restricted area badge needs to have.
. . .
Each flashcard set can contain new definitions and acronyms. Searching for these leads on to yet more new flashcard sets.
At first glance, many appear uninteresting. Virtually all the sets share the same generic textbook knowledge that soldiers learn to pass career development courses. These include definitions of terms, acronyms, forms to turn in, laws, procedures and radio protocols.
But in many cases, servicemen or women have added their own need-to-knows and highly specific security details.
For example, an individual at one base noted down over a 100 things to know related to their specific function. These included the location of modems that connect vaults to the monitoring facility, the procedures for duress signals for each area on base, the sight pictures of cameras aimed at the vault as well as the components and workings of their console. Details around the composition of passwords, usernames and whether they can include spaces were also detailed in the cards.
There's more at the link.
I'm sure the USAF and other bodies will be scrambling to redact all the flashcards concerned . . . but it's far too late to fix the problem. With that sort of information so freely available, it's as if Russia or China or Iran (or any other enemy, like a sophisticated terrorist group) had been allowed to send their spies to walk around US bases freely and without restriction, to learn anything they wished about our nuclear weapons' location, security and access protocols. We've handed over the information on a silver platter to our enemies.
I'm mind-boggled that anyone would be so catastrophically, unbelievably stupid as to think that using such open, third-party software was even vaguely in order for such sensitive material. In my day in uniform (not US uniform, of course), if I'd breached security to such an extent, I'm not sure I'd have lived long enough to face trial. We were fighting a "hot" war at the time, and I suspect the immediate reaction from infuriated superior officers might have been to summarily execute the guilty parties. After all, their deaths could easily have been disguised as combat casualties, and they would no longer be capable of betraying national secrets of that magnitude. (There are a couple of cases that I've always wondered about, in that regard. As Voltaire famously put it, perhaps they died "to encourage the others" to do their jobs better.)
One can only hope that those responsible for these breaches of security are prosecuted to the fullest extent of the law. Meanwhile, the US military may as well start building new storage facilities, and developing entirely new security protocols, not just for nuclear weapons, but for any and every other sensitive installation, device or function. Given that similar protocols will apply across many areas, our enemies must surely have the existing ones firmly in their crosshairs by now. In the event of war, I won't be surprised to see them, and the weapons, equipment and people they contain, wiped out before widespread hostilities began.
Peter
"Military intelligence", they call it.
ReplyDelete"Secure" facilities like this are manned by military police. People of the land. The common clay of the new west. You know, cops.
ReplyDeleteIf/when we get into a war with a real military, can there any doubt as to the winner? All the PLA will have to do is to strike during a drag queen show.
ReplyDeleteI remember, decades ago, when even just knowing about which particular aircraft was loaded and ready to go on the flight line could get you into trouble if you let anything slip. Now we hand our enemies everything they want to know.
ReplyDeleteWhile it ultimately comes down to the individuals who did it, I will say I can understand exactly how it happened. Before I separated in 2014, "chiefed" was already a verb for being rung out over stupid crap. It started over minor uniform details (oh, someone who just got off the flight line after twelve or sixteen hours doesn't have a perfectly pressed uniform blouse? The horror!) and had quickly expanded into being quizzed over every detail remotely related to your job, and one wrong answer to the impromptu quiz (which could happen anywhere - I walked up on one of my airmen being hounded by an E-9 about something that was technically TS/SCI on the base track, I shut that down but nothing happened to the bestriped moron) got you written up and dragged in front of at BEST your squadron's senior enlisted, often it ended up being group or wing level struggle sessions where both the airman who didn't know the random trivia answer off the top of their head, their immediate supervisor, and their supervisor's supervisor were torn apart for not upholding the core values ("excellence in all we do"). Only way we could escape it was initially deployments, but by the time I got out they were pulling that crap in Afghanistan too.
ReplyDeleteIt is the same as the fitbit users that carefully mapped the perimeter of their base by logging their daily runs.
ReplyDeleteThere is no understanding of (the lack of) security for devices on the internet. If it uses a cloud, it cannot be secure.
Ukrainian Army, during the recent "troubles" was apparently using an artillery spotter app to calculate artillery fire, since it was significantly more accurate than that provided by the government. Russians figured out what was happening and adjusted all the satellite coverage by just enough meters to throw off all the targeting. Can't remember where I read the article because that would have been a few years ago (5 or 6?).
ReplyDeleteI think the problem is less "stupid" and more "technology is in everything we do and most younger people don't even give it a second thought".
This is entirely the fault of the use of the internet. Modern Western children never have to memorize anything. They are never required nor taught how to memorize. All they carry in their heads (slight exaggeration) is how to type terms into a search bar.
ReplyDeleteThe ancients had much better skills at memorization than we do, because human memory was where knowledge resided. And our attention spans have been crippled, as has our ability to focus, because so much of what we hear and see can be rewound and rerun if we weren't paying attention.
This comment has been removed by the author.
ReplyDeleteBut the important thing is that our military is as Diverse and Egalitarian as possible! Security and basic competency are far down the list of important things to aim for in a modern, enlightened military.
ReplyDelete|
Far better that we sink our ships by crashing into other ships, and lose our nukes due to worse-than-dismal security, than that we have one less seminar or educational counseling session on the evils of Whiteness and masculinity!
Talk about a paper tiger...
I work for a large financial company, and as part of our security training we're taught to *NEVER* create any company-specific information in the internet. We've had people fired for running some innocuous code through an external code checker without getting permission. Exceptions to this rule -- even for something as required as uploading log data to a third party vendor -- require high level approval.
ReplyDeleteunless you're Hillary Clinton.
ReplyDeleteGen X/Y X computers X utter cluelessness about the Cold War realities = the US Air Farce, in all their shining glory.
ReplyDeleteGive the whole thing back to the Army, and put them back under adult supervision for the first time since 1947.
Epic fail.
The army? As adult supervision? They're no better about it. Quizlet had "Ft Rucker Patrol Pattern" as a featured deck about a year ago. Had schedule of shifts, locations to check, and order to check them in. Amused the heck out of me and I sent a link to a warrant who was attached to my unit in the Afghanistan. It went private and then was deleted within a week.
DeleteThis seems to me on a level of parents allowing their toddlers to play with loaded guns at a garden party packed with guests. Imagine how the Euros feel having nuke bases in their midst and learning that the US is so stupid and careless to allow these "loaded guns" to be so vulnerable. Wouldn't blame them if they said, take these nukes away, now, since you obviously can't be trusted with them here.
ReplyDeleteIn my 8 years as a missileer, I have been in 33 missile launch control centers, and have held (for numeral and short times) 34 launch control keys to see that they were in the safes. All gone now, those control centers and missile silos.
ReplyDeleteReally hard to memorize stuff on acid I figure.
ReplyDeletehttps://www.cbsnews.com/news/us-air-force-airment-lsd-cocaine-warren-air-force-base-wyoming-nuclear-missile-sites-records-show/