Cyber Wings

[Mephisto]

Also, to agree again with Rainman, there should be no tactical discussion here on this board. If you want to know the real world rationale on some of the lockdowns on our network, get on the SIPR or JWICS.

\

For the specific details yes, but hiding the strategic reasons for why we have security and the general ways attackers can exploit us is a terrible idea. Computers are not a military-only appliance, their use and abuse is common knowledge and freely available.

End users, especially those with important jobs such as being pilots, need to know how their actions can affect the network.

Take for example the following hypothetical, which is an entirely possible event. Keep in mind all of knowledge used to build this theoretical attack is common knowledge to even the most basic of script kiddies on the internet.

This site bills itself as a military aviation community, which naturally makes it an attractive target for people who want to collect info on the US Military. It also runs a relatively popular bulletin board system that has been exploited in the past to reveal sensitive information, and is virtually guaranteed to be exploitable in the future. So bad guy finds this new exploit, or develops it himself, which basically allows him to pull down the entire forum database.

So whats in the database? Copies of all the posts naturally, but there is a lot more sensitive information to be gathered:

- Copies of all undeleted Private messages - How many times do you see "PM sent" A lot. Well Private messages are only private in that everyone can't immediately see them. They are still stored in the database. It is likely that someone has left a message here that has sensitive info on it and now the bad guy has it

- Registration email addresses - Gives the bad guy a target to perform a spear fishing attack on. Now he can craft a targeted email that he is reasonably sure is going to someone who info he wants that is a member of the military. While most people will recognize this attack and not fall for it, how many will report it. And of course, there will always be that one person who clicks the link...

-Password hashes - These are one way representations of the passwords people use to log on to this board and are one of the holy grails for such an attacker. With a lot of computing power (and bad guys have this in spades with compromised computers/bots) these hashes can be broken, revealing the plaintext password. For most people this isnt a problem, its a password for a forum that has already been compromised. But here is the big win for the attacker: There are some people here (likely a lot) who use the same password for this forum as they do for their email, and everything else on the internet. Now the bad guy has this password.

But what can he do with it?

Well the next step is to take that email address and look through every message ever sent and received. With gmail offering GB of free space why would anyone ever delete anything? This is a gold mine to an attacker, especially with various military systems still opting to send a password reminder email to a civilian address. It would be extremely easy to use the compromised email to gain access to a military system.

The bottom line: User actions outside the network can let attackers inside our network. But the overall point is this, network security is extremely vital to prevent military secrets from walking out the door. While people may complain about password requirements and thumb drive bans it is often done for a very good reason. The attackers only have to be successful once, while defenders have to be successful all the time.

Again, the above scenario is entirely possible and is in the domain of an attacker with moderate skill, or low skill with a lot of determination. This info used to build this attack is freely available.

It would be a very good idea for everyone here to think about what they do with computers and the internet and how their actions could be helping an attacker exploit themselves and the military.

Edited May 7, 2010 by Mephisto

[magnetfreezer]

It would be a very good idea for everyone here to think about what they do with computers and the internet and how their actions could be helping an attacker exploit themselves and the military.

2

stuff about hacking baseops

That is why the top of every forum contains a multiple post sticky from the old craniums on OPSEC. Bottom line assume anything you post on here is being read by the media (and don't talk to them). WRT info in PMs, remember you have no proof the person on the other end is who they claim to be anyway. If you feel the need to engage in anything approaching official stuff, get a .mil address, and if there's any question if it needs a SIPR email, it probably does. Reference the OPSEC thread for SIPR Baseops info.

[BQZip01]

Negative, the solution is for the first shirt, wing douchebag, CGO assclown, etc. to STOP filling everyone's in-container with 6-9 ppt announcements and various emails per day. Literally 90% of my email is completely bullshit that I care 0% about. Luckily someone smart invented the auto-delete rule in Outlook, which helps mitigate these retarded emails decently, but still some sneak through. Most users are not the problem, it's the dumbasses who send mass spam mail 10 times a day.

Checks, but if you clean out your mailbox, this isn't a major factor (hint: sort by size and drag the biggest offenders to your .pst file...if you need help setting one up, I'd be happy to help).

Re: back it up to an external HD

Comm killed that possibility long ago.

Why? External HDs are not illegal. Only USB thumb drives and flash media are.

[Guest]

the media (and don't talk to them)

Great advice.

[Fud]

Honestly who gives a shit about what badges we wear in the AF? Do your pilot wings make you man? Are you offended when you see a missile dude wearing a flight suit and having a checkride?

I guess I don't define myself by my airplane or my pilot wings. Are my pilot wings less shiny because the comm geeks now have wings?

I don't care if everyone in the AF wears a flightsuit, at least then we wouldn't be wearing goofy digital ABUs.

Ken, your thought process is part of the problem. It seems that everyone is starting to wear flight suits that is in an "operational" role. I find it sad that career fields are getting wings of all types. They look terrible, and really do not make any sense. I'm not saying that pilots are better than any other person serving in a support role, but let's call it like it is. The USAF revolves around a flight line. Period! I can't stand when other AFSCs try to be things they are not. I still do not know why Security Forces refers to themselves as SF, and although this is a simple thing, it does seem to imitate Special Forces and how they call themselves SF.

I remember when the Army started wearing black berets when it used to be a Ranger thing. The Ranger Regiment and anyone who wore the tab were furious, and rightfully so. The only folks wearing wings and bags, are aircrew members. Not space, missiles, or whoever else wears them these days. It all seems trivial, but to me, it robs communities of their pride and heritage.

[sky_king]

Looks like we're already screwed since the OPFOR stole your shift key.

ha!

[Mephisto]

I'm not saying that pilots are better than any other person serving in a support role, but let's call it like it is. The USAF revolves around a flight line. Period! I can't stand when other AFSCs try to be things they are not.

There are two parts to this new AFSC

17DxA which is most certainly operations (both offensive and defensive) and

17DxB which is the support role that was formerly 33S

The AF has three missions, cyber being one of them. While a lot of the mission has something to do with the flight line, the AF is quickly changing and new operational missions that aren't about supporting jets are quickly coming into prominence.

That is why the top of every forum contains a multiple post sticky from the old craniums on OPSEC. Bottom line assume anything you post on here is being read by the media (and don't talk to them). WRT info in PMs, remember you have no proof the person on the other end is who they claim to be anyway. If you feel the need to engage in anything approaching official stuff, get a .mil address, and if there's any question if it needs a SIPR email, it probably does. Reference the OPSEC thread for SIPR Baseops info.

Very true. Additionally, even if you know the person well, the communications channel isn't as "private" as it seems.

The main things from that scenario people should think about are:

1) not using a main email address to sign up for online forums and other medium risk sites

2) not using the same password for everything

[Guest]

I remember when the Army started wearing black berets when it used to be a Ranger thing. The Ranger Regiment and anyone who wore the tab were furious, and rightfully so. The only folks wearing wings and bags, are aircrew members. Not space, missiles, or whoever else wears them these days. It all seems trivial, but to me, it robs communities of their pride and heritage.

I have another perspective on that...

I learned a lot one day many years ago when I was working on the ground with some folks on McPherson range. When we were driving back in from the range I asked them about berets and tabs since none of them were wearing any of those things. They laughed and said "The only thing that shit is good for is profiling around town trying to pick up chicks. We don't need to have that shit on to do our mission and we don't wear any of it when we go into combat anyway. The only people we care about is the enemy and they don't give a shit about any fucking tabs or headgear."

I never forgot what those guys said and working closely with them downrange over the next 15 years made me realize how right they were. they were the shit, they knew it and they never felt the need to prove it to anyone except the enemy.

I used their attitude as a baseline for teaching the FWIC students at Nellis. I tried to pass on that people should give them credibility based on the things they do and say, not basis some piece of cloth they were wearing on their left shoulder...especially since it is skill, knowledge and leadership that they would be taking into combat while their patch stayed back in their life support locker.

[check6]

derrrr takin eerrrrr jobs!!!!!!

[Seriously]

derrrr takin eerrrrr jobs!!!!!!

da tcka jbbbbbbbbbb!!!!!!!!!!!!!!!!

[189Herk]

Ok, just saw a dude in a flight suit, with cyber wings, AND A WEAPON SCHOOL GRADUATE PATCH at the Died CC chow hall...WTFO??

[Guest]

I wish you still taught there because literally every weapons officer I know insists on flying with a dark green subdued WIC patch on their left shoulder (and a desert tan one in combat). No shit. I never knew why that was necessary and the answer is: it isn't.

I am sorry to hear that. If it is every weapons officer you know it is likely some of those guys may have been my students…so apparently I was a shitty instructor.

I believe people should follow you and listen to you and give you the credibility you earn through your leadership and actions. What I told the students was to beware of the day that they didn't put in the effort they would normally give and relied on the fact that people would see that piece of cloth and give them the benefit of the doubt. That would be the day they would be letting themselves, their fellow patchweareres, their squadron mates and their country down.

My thoughts regarding the FWIC patch applies to everyone, not just patchwearers. It is the primary driver for my point of view that your specific aircraft type, pilot qualification (especially SEFE), flight time, medals etc. are all irrelevant. Your performance and actions today speak for themselves. Yesterday is gone forever.

However, there's a difference between trying to use your insignia to prove something, and not giving a shit about its significance or history. I'm never trying to prove something when I wear my pilot wings....or my wedding ring for that matter. Both are hunks of metal that I don't wear into combat. Regardless, they're both symbolic and significant to me.

Agreed, that’s the right attitude IMHBAO. Those things should matter to you personally and they are worth being proud of. They are not something you should feel like you need to defend against encroachment as the achievement was personal and cannot be taken from you regardless of what bling anyone else is wearing on their uniform.

[Gravedigger]

Ok, just saw a dude in a flight suit, with cyber wings, AND A WEAPON SCHOOL GRADUATE PATCH at the Died CC chow hall...WTFO??

You sure it wasn't a space badge? As far as I know cyber guys aren't wearing flightsuits and going to weapon school...yet. Space folks have been doing both for a minute.

Edited May 10, 2010 by Gravedigger

[189Herk]

You sure it wasn't a space badge? As far as I know cyber guys aren't wearing flightsuits and going to weapon school...yet. Space folks have been doing both for a minute.

Yeah it looked more angular than that...must of been the space badge. Still WTF!?!? Can he fly a tie-fighter or something?

[Majestik Møøse]

...your specific aircraft type, pilot qualification (especially SEFE), flight time, medals etc. are all irrelevant. Your performance and actions today speak for themselves. Yesterday is gone forever.

That's actually one of the most worthwhile things you or anybody else has written on this board. I'm going to write that on my mirror 80's style so I can reality check myself every day. I can't even begin to tally the number of people I know, including myself, who feel the need to rest on their laurels. As they say in motorsports, you're only as good as your last race.

[Guest]

Can he fly a tie-fighter or something?

Holy shit, we have those?!

[Hacker]

Holy shit, we have those?!

The WUGs sometimes fly against them as fam, and sometimes they're also red air during the ME phase.

[Muscle2002]

My thoughts regarding the FWIC patch applies to everyone, not just patchwearers. It is the primary driver for my point of view that your specific aircraft type, pilot qualification (especially SEFE), flight time, medals etc. are all irrelevant. Your performance and actions today speak for themselves. Yesterday is gone forever.

Why especially SEFE with respect to pilot qualification?

[BQZip01]

The WUGs sometimes fly against them as fam, and sometimes they're also red air during the ME phase.

Checks, but proficiency needs only to be measured to a "1" for familiarization only...GTAR is at the front desk for those who didn't sign off their last currency when the rebel scum blew up the death star

[Guest]

The WUGs sometimes fly against them as fam, and sometimes they're also red air during the ME phase.

So that's what is really happening up at Creech. I suspected those guys were whining about Predators to keep everyone from finding out what kind of good deal they really had going. Now we know.

Bastards.

Why especially SEFE with respect to pilot qualification?

Because evaluating the work of others requires the least amount of skill of any of the pilot qualifications. By far. I consider it absolutely worthless wrt providing credibility.

The end. I'm not getting suckered into this one again.

[Guest SquareGear]

::clip:: 1. Air Force e-mail does not suck and is quite secure. ::clip::

Wow...really? No....really?

2. The Air Force portal indeed sucks, but the search function is rapidly getting better (certainly not past a 60% solution, but it is significantly better than even last year)

That's good...the 60% solution after as long as portal has been around is certainly a desirable outcome. If I was only 60% of the way to wings after at least 2.5 years (when I remember doing the last portal migration) then I'm sure people would be defensive of my progress as well...at least I'm better than I was last year.

3.

Wow, an amazing lack of knowledge there. Do you have any idea why they've changed all of the desktop side of the house first? It's because of idiots like you who have no CLUE about the network architecture.

I might actually start to believe you on this one if they didn't replace shit with more shit that actually runs worse than the shit it replaced...

4. Air Force computer support sucks, no question, but they are also stretched quite thin. At my last assignment, we had 7 people for the entire 1500-member Group. That isn't even close to enough. As for your ADPE issues, AETC should have ordered the computers preconfigured with the proper software. As long as that was done properly, all you should need to do is literally plug them in and turn on the power. If you can't handle that, perhaps you should step away from the keyboard...

It costs $$$ to have a preload from the factory...money we don't have, so we pay people to spend their time installing it on this end which most likely ends up costing more than it would have been to order a preload or get a open source ghosting software. Again these decisions are being made by the same folks that are buying the shit computers in the first place...and another group of folks that decide that a 7/1500 support ratio is sufficient.

I couldn't agree more that the bureaucracy indeed sucks mightily, but we do not behave like a corporate entity because our secrets are vital to national interests. If AT&T screws up and lets some information go, there might be a lawsuit. If the AF lets some information go, we could be in serious trouble as a nation. We face more attacks in a day than all corporations worldwide do in a year. If we wait until our office networks are "where [they] should be (as good as Google's, Apple's, or Microsoft's), [and only] then...start working on our offensive 'cyber' capabilities," we will only be further behind the power curve than we already are.

So why are we so bad at doing it? Why are we still running a NetOS based on M*soft instead of a Linux distro (Really...it's just not that hard to learn, especially with KDE/Gnome/etc). You know how much f*ing money we'd save running OpenSource (or a secure internal branch thereof)? Initial learning curve might be a hurdle, but it'd be easily doable. We still run computers (including every laptop I've seen) with unencrypted hard drives when there's even opensource software for Windows that will provide a solution that would brickwall 99.9% of folks...unsat

Imagine a nest of Stingers at end of RWY 12 at Balad...one that we cannot get rid of and that we lose planes every time we use it. Guess what, we WON'T use RWY 12 at Balad and (don't BS me) you wouldn't fly it either until we could mitigate/defeat the threat!

A minor inconvenience isn't worth the risk to our entire network.

Maybe, but it wouldn't take us this long to defeat the threat...especially with COTS options that are already preconfigured to do what we need and it would be defeated offensively not by only sitting around for a year or longer shoring up our walls.

So far the Air Force is doing Cyber wrong. They grabbed it as a mission because of the $$$'s associated with it, but it's gonna be a hard sale to convince people we should be in charge of our electronic battleground when we're largely stuck 3-5 years (or more) behind the standard...let alone running along the cutting edge.

[BQZip01]

That's good...the 60% solution after as long as portal has been around is certainly a desirable outcome. If I was only 60% of the way to wings after at least 2.5 years (when I remember doing the last portal migration) then I'm sure people would be defensive of my progress as well...at least I'm better than I was last year.

Guess what? The Portal is better than it was last year (CAC access finally gets you just about anywhere, and even the search function is starting to show some real promise in usefulness)

I might actually start to believe you on this one if they didn't replace shit with more shit that actually runs worse than the shit it replaced...

That sounds like a local problem. Most of the stuff we get generally works better than the stuff it replaced.

It costs $$$ to have a preload from the factory...money we don't have, so we pay people to spend their time installing it on this end which most likely ends up costing more than it would have been to order a preload or get a open source ghosting software. Again these decisions are being made by the same folks that are buying the shit computers in the first place...and another group of folks that decide that a 7/1500 support ratio is sufficient.

Bullshit. When you preorder 2000+ computers for a single base and you send a "ghost" image you want on the hard-drives, it actually lowers the cost since there are no optional programs for the company to add/customize. I should know: I was in charge of it for a year. We got machines that were approximately $1900 on the street for $438 a piece. Again, the problem with manning is something I addressed and resides at the Pentagon/SAF-level to get fixed. Blaming anyone in your installation is pretty much "ignut"

So why are we so bad at doing it? Why are we still running a NetOS based on M*soft instead of a Linux distro (Really...it's just not that hard to learn, especially with KDE/Gnome/etc). You know how much f*ing money we'd save running OpenSource (or a secure internal branch thereof)? Initial learning curve might be a hurdle, but it'd be easily doable. We still run computers (including every laptop I've seen) with unencrypted hard drives when there's even opensource software for Windows that will provide a solution that would brickwall 99.9% of folks...unsat

I'm a fan of Linux, but the Air Force doesn't use it much (that's not to say it doesn't use it, Apple computers, CRAY supercomputers, etc, but that it isn't the office norm). Neither does most of corporate America. This makes integrating it that much harder (sts). We would spend the better part of a decade reintegrating all the programs that worked on our Microsoft machines (if you aren't a flyer, you simply won't understand the necessity of PEX and its near-absolute reliance on Windows XP).

Maybe, but it wouldn't take us this long to defeat the threat...especially with COTS options that are already preconfigured to do what we need and it would be defeated offensively not by only sitting around for a year or longer shoring up our walls.

Again, ignorance. New threats emerge on a daily basis (check SIPR or higher for details) and are voluminous. Nothing new "defeats" a threat for long (the iPad has already been hacked...).

So far the Air Force is doing Cyber wrong. They grabbed it as a mission because of the $$$'s associated with it, but it's gonna be a hard sale to convince people we should be in charge of our electronic battleground when we're largely stuck 3-5 years (or more) behind the standard...let alone running along the cutting edge.

Seriously, you are driving the equivalent of a 6-pack 2x4 while the guys at other computer-centric installations are operating with a fleet of SR-71s. To make the comparison you have there is merely ignorance. I concur that we do not help our networks out as well as we should, but we are leaps and bounds ahead of most of the rest of the governments of the world. We continue to use stable software platforms versus the latest-and-greatest because they work and they have the least number of problems.

[Gravedigger]

Seriously, you are driving the equivalent of a 6-pack 2x4 while the guys at other computer-centric installations are operating with a fleet of SR-71s. To make the comparison you have there is merely ignorance. I concur that we do not help our networks out as well as we should, but we are leaps and bounds ahead of most of the rest of the governments of the world. We continue to use stable software platforms versus the latest-and-greatest because they work and they have the least number of problems.

You are exactly right Zip. The problem with anything non-flying related is getting the rest of the Air Force to understand that there is more to it than meets the eye. They didn't create Undergraduate Network Warfare Training (that's what it is called whether that offends you or not) to teach folks to check IP addresses and fix the commander's email settings. These folks are also not using the computers that everyone else is. They are building/using some very capable machines, to do a very different job than your base comm office.

Like everyone else has said, you can learn more via secure means; but even then you are getting a small piece of the pie.

Let me just propose that we all accept the fact that the Air Force's new cyber geeks are doing an important job, and that they are not bound by the same frustrating network issues the rest of us are.

Any further explanation or speculation leads nowhere.

Also, cyber is not just Air Force. A unified cyber command is in the not too distant future.

[M2]

Also, cyber is not just Air Force. A unified cyber command is in the not too distant future.

Yep, LTG Alexander was just confirmed as the new commander...

Senate Confirms Military Cybersecurity Chief

Gen. Keith Alexander will head the U.S. Cyber Command, created to protect U.S. military networks from cyberattacks.

By J. Nicholas Hoover

InformationWeek

May 11, 2010 12:48 PM

After a weeks-long delay to have questions answered about the Department of Defense's cybersecurity role, the Senate Friday unanimously confirmed National Security Agency director Keith Alexander as head of a new DoD command tasked with defending military networks from cyber attacks.

When it becomes fully operational in October, the U.S. Cyber Command will be headquartered at Fort George G. Meade in Maryland alongside NSA, and will report through the U.S. Strategic Command. Cyber Command will absorb two of the organizations currently leading much of the military's cyber-defense capabilities -- the Joint Functional Component Command for Network Warfare and the Joint Task Force for Network Operations.

Some final details of Cyber Command remain to be worked out, such as force size, which is currently being analyzed in a study due to be finished by the end of the summer.

"The Department of Defense requires a focused approach to secure its own networks, given our military's dependence on them for command and control, logistics, and military operations," Alexander said at his confirmation hearing last month. "If confirmed, my main focus will be on building the capacity, the capability, and the critical partnerships required to secure our military's operational networks."

In his confirmation hearing, Alexander brushed aside any suggestions that Cyber Command would militarize cyberspace, repeatedly saying that the new organization would focus on defense rather than offense. He said he would be working closely with the DoD's policy undersecretary to develop a comprehensive strategy, and with the Department of Homeland Security to develop a strategy that would be put in place to offer DoD support to protect federal civilian and critical infrastructure networks in the event of a national security crisis.

Some of the key challenges Alexander pointed to at the hearing included attribution of attackers and their intent, improving the security of DoD networks, partnering with the DHS and private industry in the event of major crisis, ensuring the protection of civil liberties, and navigating rules of war in situations where, unlike in traditional warfare, attackers can launch attacks from computers located in neutral third countries or route attacks through American-owned computers here in the United States.

While Alexander focused more on cyber-defense, he did say in written answers to Senators' questions that "under the right circumstances," Cyber Command would have the authority to use offensive cyber weapons against military command and control networks, weapons, power grids, transportation-related networks, national telecommunications networks, and even enemies' financial institutions.

In addition to the new job, Alexander, a graduate of the U.S. Military Academy at West Point, will stay on as director of NSA. However, NSA will remain distinct from Cyber Command in identity and mission.

President Obama nominated Alexander in October. Throughout his career, Alexander has held numerous military leadership roles, including deputy chief of staff for the Army, director of intelligence for the U.S. Central Command, and deputy director for requirements, capabilities, assessments, and doctrine for the Joint Chiefs of Staff. As part of the shift, Alexander also received a fourth star and has been promoted from Lt. General to General.

Cheers! M2

[slacker]

...and that they are not bound by the same frustrating network issues the rest of us are.

They can look at porn on thumbdrives?