What About The "Air Gap"?

So I've been asking around to confirm whether State uses the same "air gap" technique that the military uses to protect classified information, and it appears that it does. What is an air gap?
How do you remotely hack a computer that is not connected to the internet? Most of the time you can’t, which is why so-called air-gapped computers are considered more secure than others.

An air-gapped computer is one that is neither connected to the internet nor connected to other systems that are connected to the internet.... A true air gap means the machine or network is physically isolated from the internet, and data can only pass to it via a USB flash drive, other removable media, or a firewire connecting two computers directly. But many companies insist that a network or system is sufficiently air-gapped even if it is only separated from other computers or networks by a software firewall. Such firewalls, however, can be breached if the code has security holes or if the firewalls are configured insecurely.
The military actually uses several different systems for different levels and types of classification. By far the biggest one is the SIPRnet, which handles information rated SECRET and below. The SIPRnet is huge, comprising thousands of computers across the globe, but it is connected at no point to the commercial internet. Because of the dangers of removable media like thumb drives, those are forbidden from being connected to the SIPRnet. The computers themselves have to be physically secured, usually by being kept on a military base.

If you want to move data from the internet into the SIPRnet, or vice versa, it used to be possible by writing the data to a writable CD, transferring the data, and then breaking the CD to ensure that copy was destroyed. You could only do this legally with unclassified information. I don't know that CDs are even still allowed, meaning that data has to be physically re-typed from one system to the other (which is what we usually did when porting unclassified information, such as news reports relevant to our operations, into the SIPRnet). Then there is no danger of transferring any hidden malware.

Smaller and more secure systems handle Top Secret information, such as JWICS. Being kept on a base isn't good enough for a JWICS computer: it has to be kept locked in a proper SCIF. In addition, of course, it's password-protected and requires a physical card identifying the user, a card that is itself coded with information about the user's security clearance.
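The "re-type it" rule above is a content filter: only plain text a human could have typed crosses the gap, so nothing hidden in a file's binary structure can ride along. The following is an added example, not code from the post, that applies the same rule in software to files arriving on removable media: a file is accepted only if it is strict UTF-8 printable text with no control, format or invisible Unicode characters, and every screened file is logged with its SHA-256 so the import can be audited. The file names, size limits and sample media contents are constructed for the demo; accepted text still needs the usual classification review, which this filter does not perform.

```python
"""
Added example (not from the post): a text-only import filter for moving
data into an isolated network by removable media. It mimics the "re-type
it" rule: a file is accepted only if it is plain printable text, so binary
structure, macros, terminal escapes or invisible Unicode cannot ride along
with the news report being imported. Names and limits are constructed.
"""
import hashlib
import unicodedata

# Control characters that ordinary text legitimately contains.
ALLOWED_CONTROL = {"\n", "\t"}
# Guards against a "text" file that is really one enormous blob.
MAX_BYTES = 1_000_000
MAX_LINE_CHARS = 2000


def check_plain_text(data: bytes):
    """Return (accepted, reason). Accepts only strict UTF-8 printable text."""
    if len(data) > MAX_BYTES:
        return False, f"{len(data)} bytes exceeds limit of {MAX_BYTES}"
    try:
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return False, f"not valid UTF-8 text: {exc.reason} at byte {exc.start}"
    for offset, ch in enumerate(text):
        # Unicode "C*" categories: Cc control, Cf format (zero-width joiners,
        # bidi overrides), Cs surrogates, Co private use, Cn unassigned.
        if unicodedata.category(ch).startswith("C") and ch not in ALLOWED_CONTROL:
            return False, f"disallowed character U+{ord(ch):04X} at offset {offset}"
    for lineno, line in enumerate(text.split("\n"), start=1):
        if len(line) > MAX_LINE_CHARS:
            return False, f"line {lineno} longer than {MAX_LINE_CHARS} characters"
    return True, "plain printable text"


def import_file(name: str, data: bytes, manifest: list):
    """Screen one file; log its hash and verdict to the manifest either way,
    and return the record only if it was accepted."""
    accepted, reason = check_plain_text(data)
    record = {
        "name": name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "accepted": accepted,
        "reason": reason,
    }
    manifest.append(record)
    return record if accepted else None


# Constructed sample "media contents" for the demo.
SAMPLES = {
    "news_report.txt": "Local paper, 12 March: road closure on Route 9.\n".encode(),
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 16,  # ZIP/OOXML header
    "notes.txt": "Totals:\t42\n".encode(),
    "bidi_trick.txt": "safe text \u202e txet neddih\n".encode(),  # RLO override
    "mojibake.bin": b"\xff\xfe\x00\x00",
    "shell_escape.txt": b"\x1b[31mALERT\x1b[0m\n",  # ANSI escape sequence
}


def screen_media(samples=SAMPLES):
    """Run the filter over every file on the media; return
    (names accepted, full audit manifest)."""
    manifest = []
    accepted = [name for name, data in samples.items()
                if import_file(name, data, manifest) is not None]
    return accepted, manifest


if __name__ == "__main__":
    names, audit = screen_media()
    for rec in audit:
        status = "ACCEPT" if rec["accepted"] else "REJECT"
        print(f"{status:6} {rec['name']:18} {rec['reason']}")
```

Rejecting the whole Unicode "C" category, not just NUL and ESC, is the deliberate choice here: zero-width and bidirectional-override characters are exactly the invisible content a "looks like text" check would otherwise wave through.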

So how did this classified information get out of the classified, air-gapped networks and onto Clinton's server in the first place? There are really only two possibilities.

1) Someone, or a team of someones, illegally downloaded the material onto removable media, stripped it of its classification markings, and transmitted it onto the public internet.

2) Clinton arranged to have her private server networked with SECRET and TOP SECRET systems, compromising the security of all the information kept on those systems. If you could hack into her system, which was secured by a truly first-rate organization that made copies of the data and then sold the server on which they resided, you could bypass the air gap and get into nearly all of America's most classified data.

Option (1) is a clear felony, one that would have required numerous man-hours of labor given the number of classified records now turning up. It would have been fairly tedious, too, which means that the work would be passed down to flunkies who probably don't want to go to prison forever -- but their records of accessing the data just before the emails were sent on Clinton's private server will be recorded, because they had to log in and be physically present with their ID cards to do it. It should be possible to find these people and apply pressure to them until they crack and cooperate in return for reduced sentences.

Option (2) is a disaster of unimaginable proportions. However, it would have made it very easy for Clinton to access the information and move data back and forth between her private system and the systems used to communicate with her diplomats in the field. For that reason, I suspect it will prove to be the one she actually employed.

11 comments:

  1. Amazing.
    Amazing.
    Amazing.

  2. Air gaps aren't enough for some systems. Those systems need to be enclosed in glorified Faraday cages, because computers--any electrical device--are radio signal emitters, and those signals, if intercepted, can be "decoded." Even at that, too, the systems built to do classified stuff that necessitates their being inside those cages also have to go through rigorous testing to ensure the radio signals are sufficiently weak because Faraday cages are not perfect.

    Eric Hines

  3. I wonder if Clinton ever accessed anything like that? That's a lot of trouble. Dropping in to check on JWICS once a day is already a pain in the behind, and as ThinkProgress reminds us, all Hillary wanted was to be able to send emails from her phone like a normal person.

  4. Oh, and here's a new detail to me: the Inspector General slot for the State Department went unfilled for Secretary Clinton's entire tenure.

  5. If the password policy is too aggressive, people write passwords on post-its. If too weak, they use old passwords (used and probably cracked somewhere else).

    A problem we have is that people use the computers as tools, so their focus generally isn't on the details of things like operations or security--they want their problem solved and they don't want to think about irrelevancies.

    When the details are life or death, maybe they pay more attention. But I get the impression that a lot of folks in both parties don't think of diplomacy and intelligence as life or death matters--that high regard is reserved for polls.

  6. I wonder if Clinton ever accessed anything like that? That's a lot of trouble.

    It's not that much trouble. The fighter simulators my company built for the USAF had to be enclosed in a Faraday cage because the stuff going on in the simulators' computers was classified. The rats I did brain surgery on in a central Iowa college had to be enclosed in a Faraday cage when I ran the experiments that were the purpose of the surgery so that WLS, broadcasting from Chicago, didn't overwhelm the rats' neuron signals that I was assessing. The cages are easy to build.

    The equipment testing and occasional corrective action are tedious, but easy to do.

    The hard part about securing a computer is the reason for the air gap: preventing software intrusions. You just have to do the easy things, too, when you really want security.

    ...ThinkProgress reminds us, all Hillary wanted was to be able to send emails from her phone like a normal person.

    Is this an Onion-y kind of thing? HRC is not an ordinary person; she was SecState. She's also never considered herself a normal person. She's considered herself to be special since she discovered her skills with cattle futures.

    Eric Hines

  7. I'll take your word about the ease -- I know nothing of Faraday cages except that they're supposed to be some sort of defense against electromagnetic pulses. That's the full extent of my knowledge on the subject, I fear.

    Is this an Onion-y kind of thing?

    No, it's an attempt to build a sort of sympathy for the... well, Secretary.

  8. True tales from the SCIF (that I feel confident does not violate my NDA):

    So there I was ("STIW" is how you tell the difference between a "war story" and a sea story which begins "This is no s**t" and a fairy tale which begins "Once upon a time") on an evening shift (though how 10pm - 6am is "evening" I'm not sure), and one of my buddies in the AF said he had never seen Tombstone. Seeing as I had a copy on VHS and thinking it was a tragedy that he had never seen it, I brought it to work to loan him. My mistake was walking into the SCIF with the tape. You see, magnetic media is a big "no-no". And for whatever reason, they're pretty serious about that stuff. But seeing as how I badged in and walked right past the MPs with it in my hand without comment, you'd think I was in the clear. But you see, I was also the shift Information System Security Officer (and thus honor bound to uphold the rules) and I only realized my error once I was past the checkpoint.

    So like a good and true soldier, I walked back to the MPs and turned myself in. They weren't particularly upset, as their evening just became a little less dull. For you see, once the media had crossed into the SCIF, they had to confiscate it until such time as they could verify that no classified data had wound up on it (or to make sure, more accurately, that I hadn't just made a swap with another tape that actually DID contain classified material). Therefore, the MPs were duty bound to watch every single frame on the tape to verify the contents were nothing more than Val Kilmer and Kurt Russell's performance and not *REDACTED* or *REDACTED*. At the end of shift, the MPs returned the tape to me (outside the SCIF) with the story of their sacrifice. You see, in their diligence to verify I was not attempting espionage, they had rotated every member of their shift through the video center to examine the tape, thus did an entire shift of MPs get to spend the evening. Strangely not one was upset with me that I had forced them to perform this arduous task.

  9. That's a good story. Also, Tombstone is a great film.

  10. Heh.

    Is it not long past time that some judge or other investigator with legal authority should have subpoenaed both Hillary's personal IT person(s), and whoever at State was supposedly assigned to deal with her office's IT needs and those of her aides?

    - If she had her personal hardware networked into SIPRnet, someone did that.

    - Someone set up that mail server to begin with. Someone sysadminned it.

    - Someone at State was tasked with setting up Hillary's routine IT such as her state.gov email address.

    - If she had email from that address forwarded to her personal mail server, someone at State set up the forward.

    - Presumably, someone at State noticed at some point that there was no outbound email coming through the State servers from Hillary or her immediate staff.

    These people need to be found and asked questions, specifically about 1) who authorized them to do certain things, and 2) to whom they reported certain things they noticed, and 3) what the reactions were, if any, to those reports. Then the authorizers and report-ees need to be asked some further questions. And so on. What is suspected could not have been done without assistance from others, unless we believe Hillary herself is a crack network engineer who is also capable of configuring a mailserver.

  11. Why not? She's clearly mastered the triple threat of authentic human communications by making eye contact, nodding, and sipping water.
