this post was submitted on 11 Sep 2024
669 points (98.5% liked)

Technology

58303 readers
11 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.

Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.

The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 2 months ago (3 children)

Why the F were they broadcasting the SSID on a "secret" wifi network? That's just asking to get caught. If they had hidden the SSID most people would never have known about it.

[–] [email protected] 26 points 2 months ago (1 children)

Extra fun is that the head chief never gave anyone else the password. She logged into each of the other chiefs devices.

She could have 100% also typed in the ssid at the time. It would have taken almost no extra effort.

[–] [email protected] 21 points 2 months ago (2 children)

You can view WiFi passwords for saved networks on pretty much every OS. There's no reason to be secretive about entering WiFi passwords, at least to the people whose devices you're entering the password on.

[–] [email protected] 6 points 2 months ago

Indeed, I can share it from my phone via QR or just see the password plain.

[–] [email protected] 2 points 2 months ago (1 children)

She should have used eap-tls..

[–] [email protected] 4 points 2 months ago (1 children)

You think someone stupid enough to make all the above mistakes would be savvy enough to build PKI and a RADIUS server? You're giving her too much credit.

[–] [email protected] 1 points 2 months ago

Again, forgot the /s 😂

[–] [email protected] 5 points 2 months ago

The worker still would have found it.

[–] [email protected] 3 points 2 months ago (2 children)

You can still see a WiFi network (and tell that it is unique from others) even when it’s not broadcasting SSID. It’s just one less piece of information available when someone is trying to access it.

Security through obscurity isn’t security, but it’ll keep neighborhood kids from trying to guess the password from across the street. On a warship? They’d have still seen it.

[–] [email protected] 10 points 2 months ago

Yes but not as blatant as STINKY

Everyone with a smartphone would see STINKY and immediately get suspicious, while only techs would have noticed the hidden network and investigated on that

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

On a warship? They’d have still seen it.

It took 6 months to discover, and even then it was by techs who went to physically install different hardware saw the dish hardware mounted to the ship. That's the real WTF here, how do these ships not have some kind of passive RF scanning/rogue AP detection??

It was seen by regular enlisted people who saw the network on their phones and left comment sheets asking WTF it was, but the person in question snatched up the papers before they got to the officers. If they had hidden the SSID, nobody would have seen it because nobody scans for hidden SSIDs on their phones.