USAF COMSEC Breach
Ecce Homo! Loquitur...
Possibly related to this? https://www.pprune.org/jet-blast/653...-backdoor.html
Just secure real time radios from the look of it - not intel data or access to secure internet data?
https://www.theguardian.com/us-news/...cal-compromise
Pentagon hit by ‘critical compromise’ of US air force communications – report
The Pentagon is investigating a “critical compromise” of communications across 17 US air force facilities, according to reports.
The US department of defense’s investigation comes amid a tip from a base contractor that a 48-year-old engineer at the Arnold air force base in Tennessee had taken home various government radio technologies, Forbes first reported Friday.
According to a search warrant obtained by investigators and reviewed by Forbes, the equipment allegedly taken by the engineer cost nearly $90,000. It also added that when law enforcement agents searched his home, they found that he had “unauthorized administrator access” to radio communication technology used by the Air Education and Training Command (AETC), which is one of the nine major commands of the air force and in turn affected 17 defense department installations.
Investigators also found an open computer screen that showed the engineer running a Motorola radio programming software. According to the warrant, the software “contained the entire Arnold air force base (AAFB) communications system,” Forbes reported.
The outlet also reported that, according to the warrant, a document detailing the forensics on technologies seized from the engineer’s home revealed that he had a USB which contained “administrative passwords and electronic system keys” for the AETC radio network.
Other items seized included flash drives that contained “local law enforcement radio programming files” and “Motorola radio programming files” which presented a warning banner that indicated they were government property.
Installer files which were recovered in the search opened with a “CONFIDENTIAL RESTRICTED” pop-up, according to Forbes.
The warrant also recounted how witnesses and co-workers informed investigators that the engineer had allegedly “sold radios and radio equipment, worked odd hours, was arrogant, frequently lied, displayed inappropriate workplace behavior and sexual harassment, had financial problems, and possessed [Arnold air force base land mobile radio] equipment”.
It added that a colleague had reported him twice due to “insider threat indicators” as well as unauthorized possession of air force equipment, according to investigators.
Investigators also reported to have found evidence which indicated that the searched contractor had possible access to FBI communications, as well as Tennessee state agencies, Forbes reported. The FBI is working alongside the air force on the investigation, according to the outlet.
Forbes has not yet disclosed the engineer’s name as he has not been charged. However, the outlet reported that according to his LinkedIn page, the engineer has an extensive history in cybersecurity and radio communications.
“He claims to have carried out numerous tests of the Arnold air force base’s security, improved protection of radio communications on the site and had knowledge of the encryption used on government data,” Forbes reported.
The Forbes report comes only three months after one of the worst leaks in US intelligence in over a decade. In that case, 21-year-old Jack Teixeira, an air national guardsman at the time, was arrested on suspicion of leaking hundreds of Pentagon documents.
He has since been charged under the Espionage Act.…
Jeez - a guy does some work at home in his own time and this is the thanks he gets..............
Puts a whole different slant to “working from home”!
Talking of COMSEC, these days what are the RAF rules regarding mobile phones? People cannot seem to do without them by their side in this day and age. Even switched off they seem able to give out information as to a person’s whereabouts.
Never heard of Arnold AFB, initially thought it was a Guard or Reserve base, till I googled it... Arnold Engineering Development Centre... engine and rocket propulsion test facility that falls under Air Force Materiel Command
https://www.arnold.af.mil/About-Us/
https://media.defense.gov/2021/Jun/2...ES%20GUIDE.PDF
It is also interesting in the article that AETC was the main subject of his hacks
cheers
And he was ratted out by another contractor. Probably the radio vendor. It would not be the first time. Unless he had access to the encryption key management facility, the radios would hear nothing encrypted. Even more doubtful any FBI commos were compromised. I would guess the "equipment" was actually software valued at $90K. Very similar thing happened in Canada a couple of years ago. The target was the communications manager for a major city. He had some software on a USB, also ratted out by a co-worker. The major vendor pressed charges. To date no criminal indictment.
"It also added that when law enforcement agents searched his home, they found that he had “unauthorized administrator access” to radio communication technology used by the Air Education and Training Command (AETC)"
So who gave him that? No doubt someone at AETC who couldn't be bothered to have to come over and type in an access code every time a small-time contractor needed access?
Talking of COMSEC these days what are the RAF rules regarding mobile phones?
All areas are colour coded and those which are amber or red do not allow mobile phones. All mobiles are kept outside these rooms.