ROK Drop

By GI Korea on February 22nd, 2013 at 7:47 am

USFK’s Top Cyber-Security Concern is USB Cellphone Charging


Shouldn’t these USB drives be disconnected in the first place to avoid this issue?

YONGSAN, South Korea (Feb. 8, 2013) — Smart phone owners with access to government computers in South Korea have rapidly become the number one group of cyber security violators in the country.

Over a recent seven-day period, the Korea Theater Network Operations Center detected 129 cyber violations caused by smart phones alone. Most of the perpetrators did not realize they had done anything wrong.

“The main problem is that people are using their government computers to charge their phones with USB cables,” said Lt. Col Mary M. Rezendes, 1st Signal Brigade operations officer-in-charge.

Violators don’t realize that computers recognize their phones as USB devices and that their software puts the network at risk. [Army.mil]

Anyone using the excuse that they did not know a USB device puts the network at risk is either lying or incompetent, considering the mandatory information security training everyone takes. Plus, most units have signs and stickers on the computers saying USB devices are not allowed. Taking away government computer privileges or not allowing cellphones in office spaces would be a quick way to end this.

  • Jimbob
    7:16 am on February 22nd, 2013 1

    First, most of the offenders are Korean local nationals.

    Second, this is not the top cyber security concern within USFK. I work within the cyber cell. ’nuff said.

  • Smokes
    7:25 am on February 22nd, 2013 2

    Damn right Jim, the #1 concern is making sure the right version of the AUP is uploaded to ATCS.

  • 2ID Doc
    7:44 am on February 22nd, 2013 3

    Isn’t there still a regulation on the books that Furbys are not allowed in Sensitive areas? Why not create a cell phone lock box outside these areas? Yes I realize lots of non-sensitive areas have network computers too, I work in the IT industry, I also know that the computer BIOS can be configured so that most USB ports are dead. I know one company that actually used silicone to seal up the ports to prevent, without significant effort, USB port use. In the era of USB mice, keyboards & printers that is over the top though. I also have to agree with #1 JimBob, the KN workers tend to play loose fast & easy with the regulations when it suits them or enforce them to their advantage.

  • MILDAC
    7:57 am on February 22nd, 2013 4

    Why doesn’t the Government just order these from Dell without USB ports? The common user has no need for a USB port so I would think Dell would have no issue with this considering how much the DoD spends at Dell.

  • Jimbob
    8:07 am on February 22nd, 2013 5

    @3, The US gov’t typically purchases Dell computers en masse. And no, the Phoenix BIOS in most Dell comps cannot disable USB entirely. You *can* do it physically at the hardware level but it is exceptionally time-consuming.

    Point blank, what happens is a lot of people try to plug their phones into the USB ports of their computers to charge them and don’t realize that you can do bad, bad things on NIPR with a rogue cell phone that gets compromised.

    I will not go into specifics, but it *is* mostly Korean nationals working at USFK that are guilty of this. It is not, I repeat not, some grand conspiracy theory to “compromise” NIPR. I receive “hit lists” twice per week and see this first-hand. It’s truly a user education issue, most people just straight up don’t know better. A lot of facilities do not restrict cellphones in the workplace because they don’t have classified workstations within the vicinity, hence why this is an issue.

  • Jimbob
    8:08 am on February 22nd, 2013 6

    Also, @4, most peripherals (keyboards, mice) are no longer manufactured as PS/2 (serial), but are USB only. Nobody builds computers anymore without USB ports. It is not an option.

  • MILDAC
    8:11 am on February 22nd, 2013 7

    #5, didn’t think about that but I am sure Dell could make a different type of connection similar to USB but proprietary for the keyboard and mouse and get rid of USB.

  • MILDAC
    8:11 am on February 22nd, 2013 8

    #5, didn’t think about that but I am sure Dell could make a different type of connection similar to USB but proprietary for the keyboard and mouse and get rid of USB.

  • Jimbob
    8:13 am on February 22nd, 2013 9

    MILDAC: this would be for DoD only and it is not in any way in Dell’s interests to cater to the needs of DoD specifically, plain and simple. We are a big customer, we are not the biggest customer. At the end of the day, it’s a DoD issue, not an industry issue.

  • MILDAC
    8:19 am on February 22nd, 2013 10

    #9, makes sense, the simple things are always the most complicated in DoD.

  • Smokes
    8:20 am on February 22nd, 2013 11

    Get rid of USB… ah ok. -_-

    In any case the TNOSC knows the fix for this but of course they’re understaffed, overworked, and misutilized.

    JimB’s on the money though; people aren’t thinking of it as “I’m plugging my personal hand held operating system and mass storage into my GIS” they’re thinking “I’m just charging the battery.”

  • Bobby Ray
    8:25 am on February 22nd, 2013 12

    Good grief people just open up your case and clip them two USB data wires. You can leave them two power wires hooked up and charge all the phones you want. If some fellow is motivated enough to turn his case around and unplug a mouse or keyboard to read something off of USB you aint going to stop him with no sticker.

  • MILDAC
    8:25 am on February 22nd, 2013 13

    My question to you computer geeks is why not get rid of USB and go back to PS2 for users? If Dell wouldn’t make that type of PC I bet someone would, big contract for PCs in the DoD.

  • Blah
    8:28 am on February 22nd, 2013 14

    Lame article…no wonder…source is 1st Sig

  • Jimbob
    8:30 am on February 22nd, 2013 15

    Because PS2 is a dead standard and is NOT the answer to combat this problem. The answer is a bit more complicated and does not warrant explanation on these forums. I know that’s a crappy answer, but it’s the truth.

  • Smokes
    8:33 am on February 22nd, 2013 16

    Because it isn’t just about mice and keyboards. Some people still have local printers, some require USB to configure BlackBerrys for distribution. There are also offices that have approval to connect various media devices to their systems. You’re trying to solve the issue from the wrong end, an enterprise solution is the preferred method.

  • MILDAC
    8:38 am on February 22nd, 2013 17

    I guess that is why I am not in the computer field. :) I am guessing that makes sense to those that are.

  • Blah
    8:44 am on February 22nd, 2013 18

    Guys…smartphone is insignificant risk even connected because the systems already have controls in place to prevent data transfers. Stop making it more complicated than it has to be. You act like you work at 1st Sig. Doh!

  • Jimbob
    8:52 am on February 22nd, 2013 19

    Mmm actually, nobody in USFK should have local printers. If they do it’s legacy and per 8th Army it is no bueno. Network printers are the standard.

    Also, I manage Blackberries for my command and they are white-listed by hardware ID. (hence why I plug Blackberries into my NIPR box and am not flagged).

    Working at 1st SIG has nothing to do with it.

  • Blah
    9:01 am on February 22nd, 2013 20

    That $15 low profile thumb drive in the PX is a bigger threat and easier to sneak into a regular or classified space. How? I can make a thumb drive bootable. If I boot off that thumb drive, I will be off the network undetected and can copy anything you don’t have encrypted.

    How to counter? Password your BIOS so I can’t boot off it on your computer. As an extra layer of defense, encrypt your data. This is actually supposed to be done but isn’t being done and we are concerned more about people charging their phones off a data disabled USB port? Not very good risk management.

  • Smokes
    9:03 am on February 22nd, 2013 21

    Cite your reference in regards to local printers being unauthorized please. I’m not aware of any and would appreciate the ammunition when asked by people about them getting a local one for no good reason other than they feel they’re that important to have their own.

  • Jimbob
    9:06 am on February 22nd, 2013 22

    Yea, but in 45 seconds I can open that box, remove the CMOS battery, replace it, and boot the machine sans-password and be in the BIOS doing whatever I want. This can also be done at the assembly level.

    On the classified side, a thin client solution is a much better option because you *can* disable the USB ports with the exception of the specific HW IDs of keyboards/mice and it’s a non-issue.

    Again, the rest of this isn’t a conversation for rokdrop.

  • Blah
    9:44 am on February 22nd, 2013 23

    But locking the case isn’t a STIG requirement as is having a BIOS password. And encrypting SI is a policy requirement.

  • Jimbob
    10:03 am on February 22nd, 2013 24

    Nobody locks cases.

  • chefantwon
    5:37 pm on February 22nd, 2013 25

    Depending upon the motherboard, most of the USB ports can be disabled. Through Windows, you can delete specific USB ports. (although if the user permissions are NOT set, then you’re wasting your time). Depending upon how the policies are set up, you can disable all of the USB ports, except for the keyboard and mouse. If anything else gets plugged in there, it simply doesn’t work. (USB does have that plug and play software that identifies what it is to Windows as it can be auto-configured for use)

    Saying this, it is a major pain in the rear, however it CAN be done and is by many businesses to prevent unauthorized hardware being attached to their pc’s.

  • Harika
    8:09 pm on February 22nd, 2013 26

    **Disabling USB ports is not an option. Please do not mention it again.**

    Windows allows GPOs that are policy settings that can apply to all systems. There are settings to disable MANY types of USB devices, those settings should be used to disable each specific type of storage (there is more than one type of ‘usb’ storage.)
    What happens then is that even though it gets plugged in, nothing is allowed to be installed or accessed.
    Please NOTE: **The goal is not to stop a dedicated attacker that has physical access to the system. The goal is to stop users from accidentally exposing bad things to the GOV.**
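
The class-based blocking described in comments 25 and 26, combined with the hardware-ID allowlist mentioned in comment 19, modelled as an added example (not code from the post, its commenters, or Windows itself). The setup class GUIDs are the standard Windows ones; the host names, device IDs, the allowlisted VID/PID and the rule that an allowlisted ID wins over a blocked class are constructed assumptions.

```python
import re
from collections import Counter

# Windows device setup class GUIDs; which ones a site allows is an assumption.
ALLOWED_CLASSES = {
    "{4d36e96b-e325-11ce-bfc1-08002be10318}": "Keyboard",
    "{4d36e96f-e325-11ce-bfc1-08002be10318}": "Mouse",
    "{745a17a0-74d3-11d0-b6fe-00a0c90f57da}": "HIDClass",
}
BLOCKED_CLASSES = {
    "{eec5ad98-8080-425f-922a-dabf3de3f69a}": "WPD (phones, MTP/PTP)",
    "{4d36e967-e325-11ce-bfc1-08002be10318}": "DiskDrive (mass storage)",
}
# Constructed VID/PID standing in for an approved, issued handset.
APPROVED_HARDWARE = {("1234", "ABCD")}
HWID = re.compile(r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.I)

def decide(device_id, class_guid):
    """Return (verdict, reason) for one plug-in event."""
    m = HWID.match(device_id)
    if m and (m.group(1).upper(), m.group(2).upper()) in APPROVED_HARDWARE:
        return "allow", "hardware ID allowlisted"
    guid = class_guid.lower()
    if guid in ALLOWED_CLASSES:
        return "allow", ALLOWED_CLASSES[guid]
    if guid in BLOCKED_CLASSES:
        return "deny", BLOCKED_CLASSES[guid]
    # Anything the policy does not describe is refused, not trusted.
    return "deny", "class not described by policy"

# Constructed sample events: (host, device instance ID, setup class GUID).
EVENTS = [
    ("WS-101", r"USB\VID_413C&PID_2107\5&1A2B3C", "{4D36E96B-E325-11CE-BFC1-08002BE10318}"),
    ("WS-101", r"USB\VID_04E8&PID_6860\R58M12345", "{EEC5AD98-8080-425F-922A-DABF3DE3F69A}"),
    ("WS-102", r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk\0001", "{4D36E967-E325-11CE-BFC1-08002BE10318}"),
    ("WS-103", r"USB\VID_1234&PID_ABCD\0009", "{EEC5AD98-8080-425F-922A-DABF3DE3F69A}"),
    ("WS-102", r"USB\VID_0BDA&PID_8153\000001", "{4D36E972-E325-11CE-BFC1-08002BE10318}"),
]

def violations(events):
    """Count denied plug-ins per host."""
    hits = Counter()
    for host, device_id, class_guid in events:
        if decide(device_id, class_guid)[0] == "deny":
            hits[host] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, device_id, class_guid in EVENTS:
        print(host, device_id, *decide(device_id, class_guid))
    print(violations(EVENTS))
```

A phone plugged in "just to charge" still enumerates as a WPD or storage device, so it is refused while the keyboard on the same host keeps working.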

  • Baek In-je
    8:49 pm on February 22nd, 2013 27

    South Koreans do not think of stealing classified materials as stealing. Remember the Korean “astronaut” that the Russians caught smuggling documents from their space center? He said he just wanted to read them at his apartment.

  • johnhenry
    10:19 pm on February 22nd, 2013 28

    LAME EXCUSES! The excuse from the users is lame and the excuse from the command is lame. Even the military libraries are set up so the computers will not recognize a USB device. That went into effect a few years ago. I was just at Yongsan’s Main Post Library a couple of weeks ago and the computer stalls still had that information posted.

  • Bob
    12:02 am on February 23rd, 2013 29

    Buy a bunch of phone chargers, and put them around the office.

  • MTB Rider
    3:51 am on February 23rd, 2013 30

    Are there USB Blanking plugs that could be put over the USB Ports? Especially the front ports?

    People are lazy, and tend to follow the path of least resistance. Most people won’t plug their phone in the back USB ports because it is a pain, but that front port sits there, like the ones at home. Blank those out with a plug, especially a bright red one that says “Do Not Remove”

  • Bob
    3:55 am on February 23rd, 2013 31

    Um, if the issue is charging just buy a bunch of chargers and put them at each work station. They cost like $5 each.

  • Smokes
    4:22 am on February 23rd, 2013 32

    Everyone notice how Jimbob @ 19 never actually followed up with a reference on his claim that local printers are unauthorized? That’s standard for the offices running things in this theater, make claims and not actually cite anything. K-TNOSC, RCERT-K, CESO-K, 1st Sig are all famous for doing it. I haven’t had much interaction with JCISA but I don’t hear glowing reviews about how they operate either.

  • nomad
    4:59 am on February 23rd, 2013 33

    Things may have changed within the last year since I left Korea but at the time, local printers were authorized but could not be shared. Here in the states, I work for a NEC and on this post, it’s the same; local printers are authorized but cannot be shared.

  • Smokes
    5:11 am on February 23rd, 2013 34

    It’s fine either way in regards to authorization. The issue is people in various offices who throw shit out like that without citing anything. I had someone at one of the offices here tell me some information I was posting on our internat network wasn’t authorized and an OPSEC violation.

    I answered back with “Really? I wasn’t aware of that nor do I understand why this is a violation; please explain this to me,”

    After an uncomfortable moment of silence they said they didn’t know where it was but it’s spelled out somewhere. So I asked where can we find the reference and finally they outright admitted they didn’t even know if it was a violation and they would “Seek guidance from NETCOM.” which is BS-speak for “We’re going to do nothing in the hopes that you drop it after a while.”

    I don’t care if these higher levels make decisions on their own, they have the right and obligation to do so if they feel it’s warranted but to blow smoke just pisses me off.

  • Smokes
    5:19 am on February 23rd, 2013 35

    internat = internal

  • Harika
    5:43 am on February 23rd, 2013 36

    @31 and all others talking about buying them. Great, good idea, so long as it’s NOT purchased by the GOV. We do not need to be wasting US tax money on office BS.

    Don’t plug them in. It’s not hard. If you are without cell phone until you can find a non-GOV system, that is YOUR problem. The US GOV does not have to accommodate your cell phone needs. *Obviously my comments do not apply to GOV-issued items, but they need-NOT be plugged into the system.

  • kangaji
    7:03 am on February 23rd, 2013 37

    Maybe he just wanted to confiscate it to sell it? Bye bye clearance.

  • Jimbob
    4:37 am on February 24th, 2013 38

    @32, It’s actually a policy that 1st SIG BDE just had handed to them by Big Army a couple weeks ago (NIPR network/MFD hardening) as an offshoot of Operation Gladiator. I can look it up for you at work tomorrow.

  • Jimbob
    4:39 am on February 24th, 2013 39

    I don’t work for or fall under any of those organizations you mentioned so I don’t have the policy letter memorized off the top of my head. I can tell you that this is coming down from CYBERCOM proper and isn’t just something 1st SIG BDE cooked up.

    Where we work we manage our own non-8th Army enclaves (with the exception of NIPR).

  • BBBBBBBBBBell
    5:13 pm on February 24th, 2013 40

    @ no. 1(jimbob): I would like to see some figures supporting your claim of it being mostly Korean Nationals. As for your claim that this is not the top concern and you work in the “cyber cell”…maybe USFK says that is their biggest threat to prove a point…and your OPSEC sucks. Please remember this is a blog that is open to the public. “nuff said”

  • MTB Rider
    7:46 pm on February 24th, 2013 41

    So, nothing on my idea to just put a blanking plug over the USB ports?

    Look, here’s a link:

    http://www.componentforce.co.uk/category/1042/usb-flush-port-covers

    Buy ‘em in bulk. Send out a crew with a couple tubes of Superglue and BAM! Problem solved.

    TQL/Lean 6 Sigma it if you have to, but seriously: you can send out memos about the new TPS Report Cover Sheet, or you actually FIX the problem. Just remember who threw you the bone.

  • BBBBBBBBBBell
    8:03 pm on February 24th, 2013 42

    #41 If it looks stupid but it works…then it ain’t stupid. Problem is you just took Jimbob’s job of monitoring USB ports in his “CyberCell” ;-)

  • MTB Rider
    9:44 pm on February 24th, 2013 43

    Yep. FIX the problem for maybe $1000 peninsula wide, and someone else loses their job. So don’t do it.

    Sorry JimBob! Better Luck Next Time!

 
