May 28, 2011 / by emptywheel

 

The Army’s “Sticky Note” SIPRNet Security

No wonder the US Army was allegedly bested in the WikiLeaks leak by a Lady Gaga CD.

In addition to all the other gaping security problems with the classified network, there were apparently widely accessible SIPRNet computers with passwords written out on sticky notes on the computers.

A Guardian investigation focusing on soldiers who worked with Manning in Iraq has also discovered there was virtually no computer and intelligence security at Manning’s station in Iraq, Forward Operating Base Hammer. According to eyewitnesses, the security was so lax that many of the 300 soldiers on the base had access to the computer room where Manning worked, and passwords to access the intelligence computers were stuck on “sticky notes” on the laptop screens.

Rank and file soldiers would watch grisly “kill mission” footage as a kind of entertainment on computers with access to the sensitive network of US diplomatic and military communications known as SIPRNet.

Jacob Sullivan, 28, of Phoenix, Arizona, a former chemical, biological, radiological and nuclear specialist, was stationed at FOB Hammer in Manning’s unit.

“A lot of different people worked from that building and in pretty much every room there was a SIPRNet computer attached to a private soldier or a specialist,” Sullivan said

“On the computers that I saw there was a [sticky label] either on the computer or next to the computer with the information to log on. I was never given permission to log on so I never used it but there were a lot of people who did.”

He added: “If you saw a laptop with a red wire coming out of it, you knew it was a SIPRNet. I would be there by myself and the laptops [would] be sitting there with passwords. Everyone would write their passwords down on sticky notes and set it by their computer. [There] wasn’t a lot of security going on so no wonder something like this transpired.”

Hey DOD? You gotta be trying to keep stuff secret if you’re going to claim it’s secret. If the password to get to the secrets is floating around on Post It notes, you really can’t argue that you were actively trying to keep this stuff secret.

Copyright © 2011 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2011/05/28/the-armys-sticky-note-siprnet-security/