A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.
Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.
The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.
There’s a much bigger story here.
Think about how hard it was to discover this access point. Even after it was reported and there was a known wi-fi network and the access point was known to be on a single ship, it took the Navy months to find it.Starlink devices are cheap and it will be nearly impossible to detect them at scale. That means that anyone can get around censors. If the user turns off wi-fi, they’ll be nearly impossible to detect. If they leave wi-fi on in an area with a lot of wi-fi networks it will also be nearly impossible to detect. A random farmer could have Starlink in their hut. A dissident (of any nation) could hide the dish behind their toilet.
As competing networks are launched, users will be able to choose from the least restricted network for any given topic.
But why was it hard? Surely they’re accessing it w/ wifi, and scanning for wi-fi networks really isn’t that hard. A military ship should have a good handle on what networks they expect, and they should be able to easily triangulate where the signal is coming from.
Also, military ships should have really strict accounting for what is brought on board. A Starlink receiver isn’t particularly small, and it should be plainly obvious to security when that comes on-board.
I think it’s awesome that Starlink is so accessible for the average joe, but that’s a completely different topic than what’s allowed on military property. This sounds like a pretty big, embarassing security fail for the US military, and more people than this individual should be reprimanded, if not fired.
It was the Chief of the ship who installed it. She was the highest ranked enlisted person on the ship. She would have the access and ability to get just about anything on board that she wanted. The fact she was able to is easy to see. The fact the she was willing to and has obtained such a high rank is pretty impressive (and stupid).
The original article goes into more detail https://www.navytimes.com/news/your-navy/2024/09/03/how-navy-chiefs-conspired-to-get-themselves-illegal-warship-wi-fi/
It sounds like there were over 15 people in on the scheme. At some point people noticed that there was some wi-fi network called “STINKY” and rumors started circulating about it. It took a while for those rumors to reach senior command. Then they changed the name to make it look like a printer, which further delayed the investigation.
It doesn’t look like they actually scanned for the access point. I suspect that’s because it would be hard on a ship. All the metal would reflect signals and give you a ton of false readings.
They only eventually found it when a technician was installing an authorized system (Starshield seems to be the version of Starlink approved for military use) and they discovered the unauthorized Starlink equipment.
The Starlink receivers have gotten fairly small. It seems like that was pretty easy to hide among all the other electronics on the ship.
So it’s collusion by the people who should be monitoring for such things? Or just collusion by people in some position of power, but who aren’t in charge of network security? I don’t know much about the positions these people held.
Anyone directly involved should certainly be considered for disciplinary action, but there should be more safeguards here.
The person the article is about was a Chief, and the highest ranked enlisted person on the ship. She would have the respect of all the enlisted members, as well as all the officers. She would be trusted to do her job and not do something stupid like this. She easily had the ability to do this, but you wouldn’t expect her to.
The original article said the Navy hadn’t provided all the details.
It looks like those 15+ people included at least one person who should have been monitoring for such things and a bunch of people who wanted to follow sports.
They didn’t give the password to most of the crew and they tried to keep the commanding officers in the dark. It sounds like everyone involved faced disciplinary action.
Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore’s mast, according to the investigation.
It looks like that’s an administrative process. https://jagdefense.com/practice-areas/non-judicial-punishmentarticle-15/ Potential penalties are listed near the bottom.
Unless they just turn the satellites off over the country’s that don’t want them to avoid conflict or jam all signals because they do be that way.
We’re likely to see a variant of Moore’s law when it comes to satellites. Launch costs will keep going down. Right now we have Starlink with a working satellite internet system and China with a nascent one. As the costs come down we’ll likely see more and more countries, companies, organizations and individuals will be able to deploy their own systems.
A government would need to negotiate with every provider to get them to block signals over their country. Jamming is always hard. You could theoretically jam all communications or communications on certain frequency bands but it’s not clear how you would selectively jam satellite internet.
Kessler Syndrome trumps this application of Moore’s Law.
Maybe.
Kessler Syndrome doesn’t impact the ability to produce or launch satellites.
It impacts the ability of satellites to function in orbit but it’s not a fixed limit.Humans have a pretty good track record of developing technologies that break through insurmountable theoretical barriers.
it took the Navy months to find it.
I’m surprised they didn’t hide the SSID… It’s likely nobody would have even found the network then.
The original article says there were over 15 people involved https://www.navytimes.com/news/your-navy/2024/09/03/how-navy-chiefs-conspired-to-get-themselves-illegal-warship-wi-fi/
With that many people, it’s only a matter of time before someone spills the beans.
There are several steps they could have taken to make it much harder to discover. I expect more and more people will take those steps and we’ll never hear about it.
Effectively they did through obfuscation. The Command Chief renamed it to look like their wireless printers. She did that because so many more junior people (relative to the Chief’s Mess) complained that the officers tried to check (with their phones) for some wifi Internet. They couldn’t find it because they thought it was a printer. The Command Chief is obviously trusted since she’s the most senior enlisted but she’s also the one that lead the entire scheme. When asked directly by the Commander, she denied it existed, so after not finding it, they just assumed it was a rumor. So, they had a ship-wide call and told everyone that there was no rogue Internet access point on the ship.
It took months because when a tech from a port they were at was installing a Starshield transceiver they physically saw the Starlink transceiver.
Oh, but there’s more. Starlink will be offering 5G via satellite soon.
I had (naively) hoped that starlink wouldn’t even need a license to operate in a specific country. When their satellites eventually fully communicate between them without ground station it becomes incredibly powerful. Sort of like one of those ancient world wonders. Technology now allows to live and work everywhere in the world or on the ocean in seasteads.
Unfortunately it’s owned by greedy oligarchs and the planned multiple constellations make a kessler syndrome more and more likely.
I’m wondering how wifi worked at all. Aren’t navy ships like pure steel? How did the wifi signal get through all that?
No.
These are aluminum.
Similarly the antenna was mounted on the tower above decks like the rest of the communication equipment.
There will be more than a firing, chiefs arent often walking the ropes near the antennas so there has to be accomplices and they’re almost certainly going to be charged with a national security violation since starlink has two way com and thusly Elon likely knew it’s location at all times.
The trimaran aluminum hull will allow flight operations up to sea state 5.[11]
Ed: to be clear they ended up being some of the worst ships America had ever produced.
In the navytimes article, they said some of the Cheif’s Mess installed a bunch of wired ‘repeaters’ all over the ship (probably wireless access points and not repeaters though).
“…the littoral combat ship…”
I don’t know what this is. But it sounds like the ship should be “manned” by women.
of, relating to, or situated or growing on or near a shore especially of the sea
Cool thanks. Does everyone already know this and I’m the only one who has never heard of this before?
No, but it’s pretty easy to look up unfamiliar words.
I littoral-ly thought it was a typo
Pretty obscure term. Don’t beat yourself up.
Good that’s a severe risk she* put everyone and the ship in. It was 17 officers in total and they attempted cover up
She
First off, not an officer, a high ranking enlisted(E-8) personal was the culprit.
Second, she was a Information systems technician. She literally dealt with making sure communication was safe and secure.
I know congress has to be involved to knock her down below E-7 but they need to get on that.
A CMDCM, so an E9. No Congressional approval is needed to bust down an E8 though.
So she was an NCO and the writter was clueless. Ok.
And for that kind of opsec fuckup there really shouldn’t there be discharge/prison time ?
If the military imprisoned soldiers for being dumb, there would be no military.
Exactly. You only imprison people for malicious actions. If they’re just dumb, demote and reassign elsewhere.
What this NCO did was not dumb; it was calculated and intentional violations of multiple rules and regulations they (and the others involved) knew very well. Then they tried to cover it up when people started asking questions.
Absolutely no sympathy for them in my book. These are supposed to be the leaders other enlisted look to emulate.
First off, not an officer, a high ranking enlisted(E-8) personal was the culprit.
Typically, anything E-4 or higher is considered a Non-Commisioned Officer.
EDIT further clarification: from my experience in the Canadian Army, what “Officers” means depends on context. Most often (and what !Bluefalcon@discuss.tchncs.de probably meant) it means just Commissioned Officers. Other times, it’s anyone in leadership, including NCOs.
I totally understand where you’re coming from. It’s absolutely not uncommon to casually refer to high-rank NCOs as Officers (in Canada at least)
[Source: Family in CAF and RCMP]
Very uncommon to refer to NCOs or SNCOs as officers in branches of the US military that I have experience with. Interesting about Canada though, I wonder what other countries do
Guess what the letter O in NCO is, dummy.
The N also stands for Non
The term officer, alone, as it stands in the headline, is reserved for commissioned officers. No one in the military would assume that headline was referring to an NCO.
How the fuck did she think this was anything close to a good idea?! This shows a profound lack of good judgement, and a huge failure of both respect for her job and for the safety of the crew.
Yeah true, but tiktok
Many people are bad at delayed gratification and long term thinking.
Especially in the military. That said, she was pretty high-ranking, so surely she’d been around long-enough to know that wouldn’t be okay.
Chiefs are enlisted, not officers. C’mon, AP, this is like day one stuff. Despite the name “petty officer” and term “non-commissioned officer”, there’s no such thing as an “enlisted officer”.
Also, “stinky” was the default SSID on Starlink, not a secret code word they came up with.
Was gonna call you out for messing that up; warrant officers are officers, they just started out as enlisted men.
Then I realized we are talking navy ranks, and my best knowledge of that is from halo.
Enlisted dont even have ranks, they have rates. They also have a rating, which refers to your role, I.e the job you do.
Yes rates are used most of the time in forms of address. However you do have a rank, for example E-5 or Petty Officer Second Class. However when addressing enlisted you’d usually say something like CTM2, IT2 etc… Until you hit chief then you are just called Chief, or senior if you are a Senior Chief, Master Chief doesn’t get abbreviated to Master for obvious reasons, and MCPON is usually referred to as “mic pon” phonetically for Master Chief Petty Officer of the Navy.
Enlisted dont have rank in the navy, just rates. Check the article I posted.
They have pay grades, rank and rates in the Navy, though there are actually also unrated enlisted that get all assigned all the crappiest jobs until they get assigned a rate.
Enlisted only have rates, not ranks. It’s a weird navy thing. Enlisted also have “ratings” which is your job, I.e aviation tech, boatswan, etc.
Youre also talking about firemen/seamen/constructionmen/etc. These roles are e-1 to e-3 and have a rate, but not a rating.
In my experience, no one knows the rank/rate distinction and everyone just refers to rank. It’s not something they explain well.
OK, let me just break this down for you. Rates are a job in the Navy. For example, in that wikipedia article, a Fireman recruit is a rate – their job. Their rank would be a Seaman Recruit. Their paygrade would be an E-1.
In your example, a Constructionman would be an E-3. Constructionman would be their rate. Their rank would be Seaman.
You can see this better at https://www.defense.gov/Resources/Insignia/
They don’t list rates, because there’s many, many, many different jobs in the different branches. The Navy is odd in that they usually refer to each other by rates, not ranks. In every other branch, people usually refer to each other by rank and not their MOS/AFSC/Whatever. It would be weird in the USAF for example to refer to some Airman First Class as 2A33C or whatever.
You can see this further explained at https://www.military.com/navy/enlisted-rates.html where they list the rates and talk about them but then they list the ranks and talk about them. They are tied together by paygrade.
And once again, in the US Navy, an enlisted person can literally not have a rate and be called Unrated until they are assigned a rate. Usually this happens to very junior enlisted.
E-5 is a pay grade. PO2 is a rate.
Colloquially, you could call PO2 a rank, but strictly speaking it’s a rate, because the Navy has a lot of jargon for historical reasons.
Again, my best knowledge of navy terminology comes from halo. Rank is th e term used in the army.
Yes, warrant officers are commissioned though. (Technically the most junior rank of Warrant Officer is a warrant from the branch secretary, not a commission, but it’s effectively the same. All other warrant officer ranks, Chief Warrant Officer 2 and up, are commissioned by the president.)
Hence the officer in the title, yes.
Warrent officers are also generally insanely talented motherfuckers that had too much disdain for the bureaucracy of the military to start over as an 0-1, and instead sit in a weird middle ground of “so much talent they were elevated up to officers from the enlisted ranks by direct request.”
That means that they are right, and you are wrong, and I mean that with complete respect.
The link below this parent with the pics shows tweets from Musk saying the point of naming it STINKY is to encourage customizing the name. I guess not everyone knew their LinkSys ID # in the dorms and/or doesn’t immediately turn their wifi into a pun. Just in case anyone else found that default name to be suspicious. They’re supposedly now back to just starlink
Imagine being such a selfish piece (s) of shit that you put the operational security of every single one of your crewmates in jeopardy
for social media.Every single person involved in this needs to stand tall before the man.
Navy isn’t blameless either, the fact that they needed to do it at all means the Navy failed to provide a vital moral service even though they have plenty of options.
I was in the Navy years ago, the official options for connecting on board when underway was an exercise in frustration just to get some time on the limited number of computers and when you did it was like 30 minutes you got with something around <1 Mbps.
From what I hear from friends still in, nothing has improved in years.
Instagram is a “moral service”?
I think you meant “morale” instead of “moral.”
deleted by creator
First of all, chill lmao. Second, I’m not saying it’s like 50/50 its more like 95/5, they absolutely shouldn’t have done what they did but big navy is not entirely blameless. As chiefs they were probably at 15,16,17+ years in and had already dealt with most of the BS they could have ridden it out to retirement lol They’re going to get what they deserve.
But had Big Navy actually cared about providing a decent upgraded official service to its sailors, this probably would never have happened.
I was in the Navy and I know exactly how the service that is actually provided is and I’m entirely unsurprised by this. Actually I take that back, I am surprised that it took this long to happen. I also know exactly how leadership treats moral services for its sailors (especially sailors on board ship), if it costs money it’s going to be nothing but lip service. It’s a big reason I opted to separate as soon as I could.
I was confused at first trying to read your comment and just wanted to let you know that in this context it’s spelled ‘morale’. Like “The team had high morale.”
The way you spelled it is like “That man has a good moral compass.”
I don’t mean to be rude, just wanted to let you know.
They chose to do this, thus they have all the blame.
Serious question: Was this actually a likely or possible security risk?
Yes, it is a likely risk. Having an unauthorized broadcast signal is a security risk because it can be used to locate and target the ship, allows for crew to communicate with the outside world without the oversight that they would normally have, and is outside the control of the ship’s command.
There are many valid reasons for the military to be limited to authorized channels for communication.
Very yes. They could reveal their location for starters, which could spoil a mission and put lives at risk, but if they use the same device on both this and the ships network, you risk compromising the ship’s network or even the Navy itself, giving our enemies all kinds of sensitive info.
We are in the midst of a world war being waged in cyberspace and the US is losing. Incidents like this are a genuine threat.
I was assuming they had their own hidden network going. I can’t imagine they would be dumb enough to mess with the existing ship network.
There are regular unprotected Internet channels, and then there are secure networks like SIPRNet. Devices must not arbitrarily cross from one to the other. That’s where a leak can happen. That’s one thing I learned working for a company with an Army contract 20 years ago. Once a device was set up for secure access on the military network, our policy was to never have it touch the civilian Internet again. It had to be 100% verified destroyed at the end of its lifetime. I don’t know details of how they handle it these days with mobile devices everywhere.
Wow that was super interesting! Thanks!
Doesn’t really change much.
You NEVER connect to sensitive resources via wifi. Different orgs and levels have different rules about whether a device capable of wifi can even be in the same room, but the key is to not connect it to the secure network. This is commonly referred to as “an airgap”. And if you are wondering how different ships can communicate with each other and The US? Don’t ask questions!
For less sensitive resources? YOLO that shit. But it is also incredibly trivial to set up a security model where users cannot connect to arbitrary networks.
So StinkyNet would, presumably, only be usable by personal devices. Which should have absolutely nothing sensitive on them to begin with. And if anything on any of the ship’s sensitive networks was even able to connect to StinkyNet then… the Navy done fucked up.
Which… might explain the rapid action to punish those who violated policy.
I don’t know the exact details of their setup but I would imagine if they have phones on the ship there’s a network they can connect to on the ship that’s not their starlink internet.
Aside from being able to possibly identify the starlink waveforms with passive RF surveillance or being able to identify the location of the ship through hacking spacex or their satellites, if they went back and forth between being connected on their phones to the ship network and the internet, their phones could have been compromised, leaving the possibility also of them being a perfect pivot point for hackers interested in exfilling important government secrets.
Overall just very bad opsec for a ship and definitely not a good idea.
Important government secrets will be strictly separated from personal/civilian devices. The only classified information being transmitted by personal devices is the location and human knowledge of the owners.
Yes, right up until someone plugs in the wrong cable, sends an email to the wrong person, or plugs the wrong hard drive into a system. Then your phone rings and you have to talk to people you never want to talk to.
It was on its own hidden network, if it was on the existing network it would have been discovered a LOT sooner
Anything Elon Musk can track is probably a security risk until he stops being the most divorced person to ever exist.
*until he stops to exist
Itself? Not really.
If a ship is close enough to pick up an SSID they are close enough for any number of other methods. And starlink is theoretically trusted by the us government.
But if they were actually locked down for a real mission (not the stuff you do to make people feel important) then we could have seen the same kinds of telegram leaks Russian has near constantly.
The GPS is recording where they are, which can report to things like fitness applications. These are not so secure and can identify where they are, have been, and likely will go next.
And if there is not immense amounts of “do not have a fucking fitbit” levels of warnings and policies, that is a problem for the US Navy itself. Because a lot of those will also cache data and send the last N days once they get back to shore.
Again, unless they were ACTUALLY doing sensitive stuff (rather than just “sensitive by default” to protect Leadership™ from having to think and make decisions) then we are looking at the same problem the russians have in Ukraine.
Otherwise? It is a policy violation, not a security violation, in and of itself. What people then share on social media is on them.
And a friendly reminder: Policy is made to minimize the risk of a security issue and you should follow it (if only because you are paid to). But it is VERY important to understand what you are actually protecting yourself from so that you understand if policy is even doing anything. Otherwise you get complete insanity as more and more bureaucrats and Leaders™ add bullshit so they can get a bonus for being “security minded”.
So massive that everybody involved needs to do time
I’d imagine the receiver’s location could possibly be tracked, but the bigger thing of restricting communications to officials channels while on duty is to ensure anyone on the ship doesn’t let slip sensitive information that could compromise the mission or ship’s safety.
Yes. If it became connected to any ship network, that network is now on the Internet and not protected by the regular firewall.
deleted by creator
Marrero’s official Navy profile is still up as of right now. Everything is peachy keen! []https://www.surfpac.navy.mil/Leaders/Biography/Article/3152697/cmdcs-swexwiwaw-grisel-marrero/ EDIT: fixed link
She seems nice.
Something is wrong with that link.
Fixed, thank you!
You still have some unnecessary
[]there. Either remove, or you can use this format:[pretty text](https://link.goes/here).The link now works correctly. Does an extra [] matter?
It’s visual clutter, and it’s possible some apps would have issues. I was just pointing out the proper syntax for future posts.
Ok.
