A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.

Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.

The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.

  • teft@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Why the F were they broadcasting the SSID on a “secret” wifi network? That’s just asking to get caught. If they had hidden the SSID most people would never have known about it.

    • 4am@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      You can still see a WiFi network (and tell that it is unique from others) even when it’s not broadcasting SSID. It’s just one less piece of information available when someone is trying to access it.

      Security through obscurity isn’t security, but it’ll keep neighborhood kids from trying to guess the password from across the street. On a warship? They’d have still seen it.

      • kalleboo@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        2 months ago

        On a warship? They’d have still seen it.

        It took 6 months to discover, and even then it was by techs who went to physically install different hardware saw the dish hardware mounted to the ship. That’s the real WTF here, how do these ships not have some kind of passive RF scanning/rogue AP detection??

        It was seen by regular enlisted people who saw the network on their phones and left comment sheets asking WTF it was, but the person in question snatched up the papers before they got to the officers. If they had hidden the SSID, nobody would have seen it because nobody scans for hidden SSIDs on their phones.

      • Wispy2891@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Yes but not as blatant as STINKY

        Everyone with a smartphone would see STINKY and immediately get suspicious, while only techs would have noticed the hidden network and investigated on that

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      You’re expecting intelligence and competence from these people? The ones who thought it would be a good idea to violate a half dozen regulations to even install it in the first place?

      • Subverb@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Supposedly she was an information and IT specialist… Setting the thing up to not broadcast its SSID should have been one of the first things they thought of. But probably she didn’t know it could be done, which again speaks to her overall incompetence.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Extra fun is that the head chief never gave anyone else the password. She logged into each of the other chiefs devices.

      She could have 100% also typed in the ssid at the time. It would have taken almost no extra effort.

      • CalcProgrammer1@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        You can view WiFi passwords for saved networks on pretty much every OS. There’s no reason to be secretive about entering WiFi passwords, at least to the people whose devices you’re entering the password on.

        • ABCDE@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Indeed, I can share it from my phone via QR or just see the password plain.

          • foggenbooty@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            You think someone stupid enough to make all the above mistakes would be savvy enough to build PKI and a RADIUS server? You’re giving her too much credit.