The Navy doesn’t use that wireless gear and neither should you
Back in July of 2004, the US Navy’s network security people imposed a Navy-wide moratorium on the use of commercial wireless equipment of the sort likely to be found on your own home wireless network. A waiver process exists, but approval is contingent on confirmation that DoD requirements are met. Consumer-grade wireless equipment doesn’t meet those requirements, largely due to relying on relatively weak encryption schemes like WEP and WPA to secure the wireless connection.
We’re not even talking about the totally seperate networks for handling classified information. For ordinary naval IT needs, use of the wireless equipment you probably use is simply forbidden. As one article states:
Advances in the art of cracking WEP and WPA networks have made arguments for using these encryption schemes in Navy networks indefensible.
Even so, compliance with the moratorium has been an issue.
Popular small office, home office (SOHO) equipment, such as the Linksys WRT54G Netgear WGR614 and D-Link DI-24 have begun to appear on Navy networks as rogue access points (AP).
Navywide, relatively few wireless systems were reported to NNWC, so it is likely that not all wireless networks were reported.
The article reports that this lack of internal compliance has aroused so much concern that Navy information security honchos have directed their network security tiger team, operating out of the Fleet Information Warfare Center, to search for unauthorized wireless networks on certain naval installations — presumably to the detriment of more demanding security work that highly-skilled military hackers would be capable of. It doesn’t take a rocket scientist to just grab a laptop and do some wardriving — but since compliance with directives already issued to regular naval IT personnel is the problem…
Well, you can do the math.
So, why do they have their panties in such a bunch? Well, it’s like this…
The tools for defeating WEP/WPA wireless security have been vastly simplified. Some mentioned in the above article include:
It is not just these free tools themselves, though, but their increasingly slick, easy, almost idiot-proof packaging and documentation — particularly their inclusion in security tester toolkits freely available as bootable Linux live CDs.
To use the aforementioned tools, average knowledge of Linux is required to patch and install unsupported wireless drivers, compile Unix-based tools, capture network traffic and execute WEP and WPA-PSK exploits. Even with the increase in documentation and ease of compiling drivers and tools, these tasks were hurdles that had to be overcome by a novice attacker. But these barriers have all but been removed with the advent of the live Linux distribution based on the Knoppix Linux distribution…
Knoppix variants such as Auditor, Knoppix-STD (Security Tools Distribution) and Whoppix [recently renamed WHAX] have precompiled drivers, software and cryptologic libraries that allow even a novice Linux user to launch sophisticated attacks against wired or wireless networks.
What that basically means is that a significant portion of the US military’s IT infrastructure is vulnerable to anyone who download a CD, burn it and then follow some simple directions. Really.
Now, you may think your secuity needs aren’t as demanding as those of the US military — even for their mundane, unclassified needs. You’d be right, to an extent; but you bear the brunt of the consequences if someone steals your credit card number or otherwise maliciously defeats your PC’s security.
Political activists and dissidents, in particular, should take note. Abuses of law enforcement powers for political purposes, as seen during the COINTELPRO era, are once more a legitimate concern in the US under the Patriot Act. Furthermore, as political discourse grows ever more shrill, the probability of politically motivated freelance mayhem from ordinary people who exceedingly disagree with you is, perhaps, more likely than ever.
Given the importance of computer and internet usage for political purposes in these times, then, the average freedom-loving political activist ought to seriously look into educating themselves on computer security topics, so they can take the steps they need to take to protect themselves.
Share This
