A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.
Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.
The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.
Why the F were they broadcasting the SSID on a “secret” wifi network? That’s just asking to get caught. If they had hidden the SSID most people would never have known about it.
The worker still would have found it.
You can still see a WiFi network (and tell that it is unique from others) even when it’s not broadcasting SSID. It’s just one less piece of information available when someone is trying to access it.
Security through obscurity isn’t security, but it’ll keep neighborhood kids from trying to guess the password from across the street. On a warship? They’d have still seen it.
It took 6 months to discover, and even then it was by techs who went to physically install different hardware saw the dish hardware mounted to the ship. That’s the real WTF here, how do these ships not have some kind of passive RF scanning/rogue AP detection??
It was seen by regular enlisted people who saw the network on their phones and left comment sheets asking WTF it was, but the person in question snatched up the papers before they got to the officers. If they had hidden the SSID, nobody would have seen it because nobody scans for hidden SSIDs on their phones.
Yes but not as blatant as STINKY
Everyone with a smartphone would see STINKY and immediately get suspicious, while only techs would have noticed the hidden network and investigated on that
You’re expecting intelligence and competence from these people? The ones who thought it would be a good idea to violate a half dozen regulations to even install it in the first place?
Supposedly she was an information and IT specialist… Setting the thing up to not broadcast its SSID should have been one of the first things they thought of. But probably she didn’t know it could be done, which again speaks to her overall incompetence.
Extra fun is that the head chief never gave anyone else the password. She logged into each of the other chiefs devices.
She could have 100% also typed in the ssid at the time. It would have taken almost no extra effort.
You can view WiFi passwords for saved networks on pretty much every OS. There’s no reason to be secretive about entering WiFi passwords, at least to the people whose devices you’re entering the password on.
Indeed, I can share it from my phone via QR or just see the password plain.
She should have used eap-tls…
You think someone stupid enough to make all the above mistakes would be savvy enough to build PKI and a RADIUS server? You’re giving her too much credit.