A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.

Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.

The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.

You are viewing a single thread.
View all comments
11 points

Serious question: Was this actually a likely or possible security risk?

permalink
report
reply
21 points

Very yes. They could reveal their location for starters, which could spoil a mission and put lives at risk, but if they use the same device on both this and the ships network, you risk compromising the ship’s network or even the Navy itself, giving our enemies all kinds of sensitive info.

We are in the midst of a world war being waged in cyberspace and the US is losing. Incidents like this are a genuine threat.

permalink
report
parent
reply
-1 points

I was assuming they had their own hidden network going. I can’t imagine they would be dumb enough to mess with the existing ship network.

permalink
report
parent
reply
2 points

It was on its own hidden network, if it was on the existing network it would have been discovered a LOT sooner

permalink
report
parent
reply
12 points

There are regular unprotected Internet channels, and then there are secure networks like SIPRNet. Devices must not arbitrarily cross from one to the other. That’s where a leak can happen. That’s one thing I learned working for a company with an Army contract 20 years ago. Once a device was set up for secure access on the military network, our policy was to never have it touch the civilian Internet again. It had to be 100% verified destroyed at the end of its lifetime. I don’t know details of how they handle it these days with mobile devices everywhere.

permalink
report
parent
reply
4 points

I don’t know the exact details of their setup but I would imagine if they have phones on the ship there’s a network they can connect to on the ship that’s not their starlink internet.

Aside from being able to possibly identify the starlink waveforms with passive RF surveillance or being able to identify the location of the ship through hacking spacex or their satellites, if they went back and forth between being connected on their phones to the ship network and the internet, their phones could have been compromised, leaving the possibility also of them being a perfect pivot point for hackers interested in exfilling important government secrets.

Overall just very bad opsec for a ship and definitely not a good idea.

permalink
report
parent
reply
2 points
Deleted by creator
permalink
report
parent
reply
44 points

Yes, it is a likely risk. Having an unauthorized broadcast signal is a security risk because it can be used to locate and target the ship, allows for crew to communicate with the outside world without the oversight that they would normally have, and is outside the control of the ship’s command.

There are many valid reasons for the military to be limited to authorized channels for communication.

permalink
report
parent
reply
10 points

And we know that Elmo probably reports directly to Putin, insane that they got such a highly placed asset who’s also the richest man in the world

permalink
report
parent
reply
5 points

https://en.m.wikipedia.org/wiki/SpaceX_Starshield

except SpaceX is selling for all we know to be military starlink with extra capability to the US goverment.

permalink
report
parent
reply
-3 points

He doesn’t. He may serve Russian interests at times, but he’s not a direct report the way Tim Pool and many of our government elected officials are.

permalink
report
parent
reply
3 points

Anything Elon Musk can track is probably a security risk until he stops being the most divorced person to ever exist.

permalink
report
parent
reply
1 point
*
Deleted by creator
permalink
report
parent
reply
1 point

I’d imagine the receiver’s location could possibly be tracked, but the bigger thing of restricting communications to officials channels while on duty is to ensure anyone on the ship doesn’t let slip sensitive information that could compromise the mission or ship’s safety.

permalink
report
parent
reply
1 point

Yes. If it became connected to any ship network, that network is now on the Internet and not protected by the regular firewall.

permalink
report
parent
reply
6 points

Itself? Not really.

If a ship is close enough to pick up an SSID they are close enough for any number of other methods. And starlink is theoretically trusted by the us government.

But if they were actually locked down for a real mission (not the stuff you do to make people feel important) then we could have seen the same kinds of telegram leaks Russian has near constantly.

permalink
report
parent
reply
4 points

The GPS is recording where they are, which can report to things like fitness applications. These are not so secure and can identify where they are, have been, and likely will go next.

permalink
report
parent
reply
4 points
*

And if there is not immense amounts of “do not have a fucking fitbit” levels of warnings and policies, that is a problem for the US Navy itself. Because a lot of those will also cache data and send the last N days once they get back to shore.

Again, unless they were ACTUALLY doing sensitive stuff (rather than just “sensitive by default” to protect Leadership™ from having to think and make decisions) then we are looking at the same problem the russians have in Ukraine.

Otherwise? It is a policy violation, not a security violation, in and of itself. What people then share on social media is on them.


And a friendly reminder: Policy is made to minimize the risk of a security issue and you should follow it (if only because you are paid to). But it is VERY important to understand what you are actually protecting yourself from so that you understand if policy is even doing anything. Otherwise you get complete insanity as more and more bureaucrats and Leaders™ add bullshit so they can get a bonus for being “security minded”.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 14K

    Monthly active users

  • 6.8K

    Posts

  • 155K

    Comments