Download to the Danger Zone

January 2008


It seems so innocent, downloading a game or other entertainment to pass the time during a tedious or stressful deployment. Yet, some of the dangerous cyber-critters that hitch a ride on many of those “fun” downloads make the fleas your dog brought home last summer seem like a welcome addition to the household.

Unauthorized downloads from unsecured sources expose your computer, your network, your data, your communications and everyone who depends on them to unnecessary danger. Some of these threats are only as annoying as fleabites. Others can bring down an entire network and delete or destroy mission-critical data. Unfortunately, some people will never consider this a threat until it happens to them. Some recent incidents might make all of us reconsider that mindset.

A soldier at a military installation bypassed security safeguards on an Army computer to download and install a pirated version of a popular computer game. The pirated game included malicious code that, without the user’s knowledge, caused the computer to launch denial of service attacks against a computer in a foreign country. This was only discovered because of routine internal security procedures. Hijacking computers via hidden code in innocent-appearing software is a typical cyber terrorism tactic. Unfortunately, it is a very successful ploy because people continue to download without regard to potential cyber threats. This might be somewhat understandable for a naïve cyber newbie. However, for military personnel operating under rules and regulations (AR 25-2 for example) designed to prevent this, it is unforgivable.

Still, downloading a pirated game is an innocent activity in comparison to other situations. For example, an Army computer user downloaded extremely inappropriate and very illegal content over an extended period of time. This criminal activity infected the computer with a virus that quickly spread to shared network folders and wiped out a considerable number of files. Once the results of the viral attack were discovered, an internal investigation isolated and eliminated the virus and led to the capture (and we can assume prosecution) of the culprit.

These examples are just two of many – far too many – occurrences of improper downloads leading to destructive and malicious consequences. Hidden code not only can infect a network or hijack a computer for remote attacks, it also can secretly transmit keystrokes or communications that lead to the compromise of sensitive data. It can render expensive and mission-critical computer resources useless. While there are well-trained and very diligent personnel constantly ferreting out these dangers, the amount of time, effort and resources it requires to clean up after a download-caused incident is an unnecessary and very preventable waste.

Unauthorized downloads are not simply a matter of bending the rules a little or getting away with some inconsequential mischief. The fact is that this activity is a fast track to cyber danger that can put critical military operations and personnel at risk.

The On Cyber Patrol © cartoon and supporting articles are created and made available by the U.S. Army’s Office of Information Assurance and Compliance, NETCOM, CIO/G6. For more information on the OCP program or to submit ideas for upcoming cartoons/articles, contact oncyberpatrol@hqda.army.mil.
