April 13, 2006:
Counter-intelligence officials, whose job it is to prevent secrets from being stolen, are getting hit with new threats. The more familiar problem is petty theft. In Afghanistan, and to a lesser extent Iraq, cleaning and maintenance staff have an annoying tendency to steal whatever they can get away with. For security reasons, many of the cleaning personnel in Iraq are imported non-Iraqis. These people are less likely to steal, not just because they have a harder time fencing the stuff, but because they can lose a good job, and be shipped home, if they get caught. In Afghanistan, hiring locals is less of a security risk, and there it has been discovered that memory sticks are very popular items to steal. Some of these devices are as small as a finger, and easy to conceal. Out on the street, some of them can bring five or ten bucks to the thief. That's real money in Afghanistan, where a good monthly salary is a hundred dollars.
The memory sticks generally hold between 256 megabytes (million bytes) and two gigabytes (billion bytes) of data. These items plug into most PCs and laptops, and instantly become another hard drive (as far as the computer is concerned). Memory sticks have basically replaced floppy disks and CDs when it comes to moving data around. Troops like them because they can quickly put all the data they need for a mission on a memory stick. The memory sticks are cheap; two gigabyte versions can be had for under a hundred dollars. The troops leave a lot of them lying about, and many of these get swept up by the friendly Afghan cleaning guys. When the purloined memory sticks show up in the marketplace, their contents, sometimes including classified data, are usually erased, to make way for the new user's stuff. But, for a counter-intelligence officer, the vulnerability is obvious. The nightmare scenario is a journalist getting possession of one of these stolen memory sticks. The resulting story would feature as many damaging secrets as possible. That makes the story more exciting, especially for the soldiers whose job just got more dangerous.
And then there are the people you can't see. In the last few years, organized crime, especially in places like Eastern Europe and Russia, has gotten into Internet crime in a big way. No more Amateur Hour. The mob thinks big, and they are unleashing more web-based scams, on a larger scale than ever before. It's all about money, lots of money, obtained quickly and with minimum chance of getting arrested. Internet theft is mostly about data. That means either holding it for ransom (there are several ways to run an extortion scam on the net), or stealing it and reselling it. It's the latter vulnerability that scares counter-intelligence people. The current generation of military commanders knows quite well, unlike their less PC-experienced predecessors, what that vulnerability is. They know how easy it is for a PC to get infected with malware (viruses, worms and Trojan horses). They know of military networks just crawling with that crap, and doing all manner of mischief.
The criminal gangs now specialize in hacking into networks and grabbing all the data found. They will do this for corporate "competitive intelligence" operatives, who are asked to get information about a competitor's activities, "no matter what it takes." Many security officers in the military know that their networks are, if anything, less secure than those of General Motors or Walmart. All this is a security officer's worst nightmare, because in most cases, you don't even know what's missing, or who's got it. You just know that you are vulnerable, and it would be nice if you knew how vulnerable you really were, but you don't.
The military gets some help from its own Cyber Warfare people, who use the gangster hacking tools (often bought from the hacker tool builders who sell to anyone who can find them) to break into terrorist (and other) networks looking for data. They run test break-ins on American networks, and find most of them vulnerable. The majority of the military networks on the planet belong to the Department of Defense, making the United States the most at risk.
Those who have stolen data in this way are not going to advertise the fact. That's because they may still be doing it, or because there is an advantage in having something your enemy doesn't know you have. It will be years before the extent of the damage is known, just as happened after the Cold War ended, and the U.S. discovered how many successful spies the Soviet Union had inside America. So while you don't know the details now, you know what the headlines will say.