Friday, March 11, 2011

DoD Social Media Policy Remains Unaltered

The Defense Department has just reauthorized, for another year, the social media guidelines [Directive-Type Memorandum (DTM) 09-026]. Accordingly, the NIPRNET will continue to be configured for easy access to insecure Internet-based offerings for several million computing devices.

This will include access to social media such as YouTube, Facebook, MySpace, Twitter and Google Apps. The DTM states that DoD commanders and Agency heads will continue defending their computers against all malicious activity.

Because the DTM does not prescribe how malware defenses will be applied, it is questionable how effective a generic DTM can be when it allows the widespread use of social media without specific guidelines on how to defend the networks.

The widespread use of social media cannot be stopped or curtailed any more. In remote locations and on long rotations, the network time spent on social media can exceed the traffic for conducting DoD business operations. For troop morale the free access to social media is a necessity.

Without a defined policy on how to assure security, social media will continue to make the DoD networks insecure. To demonstrate this vulnerability we will use the most pervasive social medium, Facebook, to illustrate the dangers to NIPRNET.

According to data from security company BitDefender, there's harmful content behind about 20 percent of posts on Facebook news feeds. BitDefender said about 60 percent of attacks on Facebook stem from threatening third-party apps.* Most of the infectious software originates from thousands of independent developers who often sell such software for a fee. By clicking on infected links, users risk having all sorts of viruses downloaded to their computers.**

People who are tweeting can install a variety of bots from their friends' Facebook accounts. These bots have access to all of the data of anyone connected to a hacked account. Facebook accounts can then be linked with more people in a social circle, opening up new opportunities for identity fraudsters to launch further attacks.***
  
In late October, a particularly malicious piece of malware called Koobface resurfaced on Facebook. Like the original strain, the Koobface virus is spread via Facebook messages. The messages usually have clickable topic lines like "Is this you in the video?" or something similar. When a user clicks on such a message, they are brought to a third-party site where a link is waiting. Open the link and their computer will turn into a zombie that can be commanded to execute more damaging procedures.

SUMMARY
With hundreds of data centers and thousands of servers, the attacks transmitted through social media cannot be stopped any more. What is required now is a policy that dictates the technical means for isolating such attacks.

Social media transactions should be completely isolated and segregated. User displays should be partitioned to communicate all public Internet traffic exclusively with dedicated servers. In this way infected communications will be shuttled into partitions from which further propagation of malware will not affect the conduct of DoD operations. However, such solutions will require a major overhaul of how networks are organized.

The use of social media by DoD personnel cannot be stopped. What is needed is an architecture that will allow the separation of the insecure from the secure environment, so that security is assured.


* http://www.pcmag.com/article2/0,2817,2373281,00.asp
** http://www.bbc.co.uk/news/technology-11827856 
*** http://blogs.computerworld.com/17418/security_warnings_whether_or_not_you_plan_to_drink_and_drive_a_keyboard_this_weekend

 


For comments please e-mail paul@strassmann.com