Pentagon Employees Are Too Horny to Follow National Security Protocols

Authored by news.yahoo.com and submitted by boinger


Pentagon employees are using banned and unauthorized apps to find hookups, watch TikToks, and buy crypto on government phones and devices, according to a new Department of Defense investigation launched over fears surrounding TikTok. The list of what DoD employees are downloading in spite of bans includes dating apps, Chinese drone apps, third-party virtual private networks, cryptocurrency apps, games, and apps related to multi-level marketing schemes.

The Defense Department’s office of the inspector general audited government-issued devices, as well as the policies meant to protect the DoD from unauthorized and potentially dangerous apps. The investigation examined the DoD’s own special app store and found an undisclosed number of unapproved apps, and determined that employees are able to access any apps they want on government devices through the regular app stores available to consumers.

Some of the apps found on employees’ work phones have “known cybersecurity risks, operational security risks, [or] potentially inappropriate content,” according to the inspector general’s report on the investigation, released Thursday.

In a move that may jeopardize national security more than a lackluster Tinder date, employees are also using unapproved messaging apps to discuss Controlled Unauthorized Information, the government’s term for sensitive information that’s supposed to be safeguarded with special precautions and shared only in official channels, the report says.

“Personnel are conducting official business on their DoD mobile devices using mobile applications in violation of Federal and DoD electronic messaging and records retention policies,” according to the report. “DoD employees are downloading apps that could pose operational and cybersecurity risks to DoD information and information systems.”

The inspector general warns that employees have downloaded apps that “require access to a user’s contact list, location data, and photo library.” All that delicious data could reveal sensitive military information.

The Department of Defense did not immediately respond to a request for comment on how it plans to rectify the problem.

The report lists a wide variety of apps, including apps for fantasy football, online role-playing games, messaging apps and “luxury yacht dealer applications.” Unfortunately, the report doesn’t mention whether Pentagon officials actually purchased any yachts, but it is fun to think about them planning their bomb strikes out on a weekend pleasure cruise.

The report is redacted to scrub the names of specific apps and the number of apps in question. However, from context clues and the size of the redactions it’s clear the apps number in the hundreds at least, if not thousands. Many of the other redacted or vague references are easy to interpret as well.

For example, in a seemingly obvious reference to TikTok, the inspector general writes, “Examples of applications with potentially inappropriate content include applications for the creation of short-form videos.” The military explicitly banned TikTok from government devices in January of 2020.

The report likewise describes two apps from a “Chinese commercial off-the-shelf drone manufacturer,” which is almost certainly DJI, the world leader in commercial drones. The DoD prohibits the use of commercial drones, and DJI’s devices and apps are specifically banned government-wide due to potential security risks and for the company’s alleged support of the Uyghur genocide.

Using Chinese drone apps “appears to be counter to DoD policy and could pose cybersecurity concerns,” the report said.

In theory, the same security risks that apply to TikTok would apply to DJI as well. By law, the Chinese government can force companies based in China to hand over user data.

The use of unapproved third-party VPNs is particularly alarming. Virtual private networks are meant to secure the connection between your device and the internet by routing all your traffic through an external server, which hides that traffic from the network you are connected to. However, the company operating the VPN can theoretically intercept all of the information coming to or from your device, which poses a significant risk for federal employees handling sensitive information. The report mentions the use of unauthorized VPNs but doesn’t go into detail about the problem or potential solutions.

The report goes into detail about the policy that let the problem get so out of hand. For example, the DoD has its own special app store, called the “Personal Use Mobile Application” store, or PUMA for short. However, PUMA includes apps that are “unmanaged” by the Pentagon’s IT department, and thus out of government control.

To make matters worse, government devices apparently just let employees go to the regular consumer app stores anyway, allowing employees to get around all those buzzkill security protocols. That gives DoD employees “unrestricted” access to apps “that could pose operational and cybersecurity risks,” the report said.

Apparently, the military’s ban on TikTok, DJI, and thousands of other theoretically dangerous apps amounts to a strongly worded email. The report argued that security training doesn’t go nearly far enough to protect government resources.

“The DoD’s mobile device and application training is inadequate, does not meet the policy requirements, and is not required annually,” the report said.

Update, Feb. 10, 3:41 p.m. EST: This story has been updated with additional information about the report.


Kiloku on February 11th, 2023 at 03:17 UTC »

the report doesn’t mention whether Pentagon officials actually purchased any yachts, but it is fun to think about them planning their bomb strikes out on a weekend pleasure cruise.

"fun" to think about is not how I'd put it

Pearse_Borty on February 10th, 2023 at 23:52 UTC »

Easy solution:

Standard-issue PlayStation Portables.

You need porn? Download it at home. And the PSP stays off the network even if they drag in a virus. Boom.

Rebel_bass on February 10th, 2023 at 23:36 UTC »

Lol. I had to delete my cheap Android smart watch app if I wanted to continue to use my personal phone on base, as a contractor. No biggie. How the fuck are idiots with clearance still using this shit?