In the wake of WikiLeaks recent release of a mere portion of hundreds of thousands of US diplomatic cables they claim to have obtained from a source in the US military, the Defense Department is now enforcing a strict US military ban on all removable media devices including CDs, DVDs, USB thumb drives and more.
The source of the leaked cables is alleged to be Pfc. Bradley Manning, a 22-year-old Army intelligence analyst who claims to have downloaded the files from the Secret Internet Protocol Router Network (SIPRNET) before burning them to an inconspicuous CD labeled “Lady Gaga”.
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file. No one suspected a thing and, odds are, they never will,” Manning wrote in chat files discovered on his seized computer. “[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. ”Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm.”
This isn’t the first removable media ban the US military has attempted. Two years ago, the Defense Department forbade the use of the devices after a malware attack was discovered to be spreading through thumb drives and disks. That ban was lifted this past February after successful cleanup efforts minimized the risks, and some personnel complained about it hampering the ability to perform their jobs.
But according to some military sources, the new removable media initiative may not be filtering down to all branches of operations. "After all the churn... The general perception is business as usual. I'm not kidding," an unnamed source told Wired’s UK office. "We haven't turned a brain cell on it."
As the branches of the military now attempt to re-enforce this, I’m left wondering why they are just figuring out that removable media is a security risk, when every major corporation I have ever been employed with realized it years ago and disabled workstations’ ability to even recognize the devices? Also, employees were told to find other ways to do their jobs without the use of flash drives and burned media, and it usually wasn’t too hard to figure out a workaround.
But, alas, the US military is not a corporation, and they are working on more technical ways to enforce the ban while threatening to Court Marshall anyone caught disobeying the new orders.
