The United States Marine Corps has instituted an official ban that forbids its troops to access social networking sites while on duty. The Marine Corps defines social networks as "Web-based services that allow communities of people to share common interests and/or experiences (existing outside of DOD networks) or for those who want to explore interests and background different from their own." The ban specifically names MySpace, Facebook, and Twitter.
Social Worms, Viruses, and Click Scams
Besides the obvious need for Marines to be focused on their job while on duty, it's not hard to find more critical reasons for the Marines' social networking ban. As the Marine Corps points out, social networks "are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries."
An Al Qaeda-inspired social networking worm may not have surfaced yet, but recent events make it clear that social networks can expose its users to malware. Twitter, for example, has been attacked several times by malicious software this year. In February, Twitter was targeted by a clickjacking bug that spread when users clicked on a link in a Twitter post, causing the message to be posted to that user's account. When a follower clicked on the message, the bug would spread. The clickjacking bug ended up being nothing more than a self-perpetuating annoyance, but it did expose weakness in Twitter's system. In April, a similar piece of malware called the Mikeyy or StalkDaily worm plagued the microblogging network.
In June, however, things got more serious when Symantec warned of a mass mailing worm using a bogus e-mail message that appeared to be from Twitter.com. The e-mail would encourage you to download an attached invitation from unnamed friends asking you to join Twitter. The scam was admittedly clumsy, but if you downloaded the invitation, the ZIP file would install a variant of the Ackantta worm on your computer. Ackantta has been used in the past to steal e-mail contact lists from infected computers, and the worm spreads through shared folders and removable drives. Aside from Twitter, Facebook and MySpace have also been vehicles for a variety of attacks, such as the infamous Koobface virus, the MySpace QuickTime worm, and assorted phishing scams.
Tech Leaks Happen
Considering the potential for encountering malware, it's not hard to see why the Marines would be wary of allowing access to social networks on corps computers. (Marines can still access social networking sites on private systems.) But despite this caution, confidential military information could still leak out. As Ken van Wyk, principal consultant at KRvW Associates recently told Computerworld, social networking sites are only one possible entry point. Other concerns could include intercepting e-mail sent from troops to family and friends, or even picking up SMS messages sent from cell phones.
It's not like the military hasn't experienced accidental leaks. In January, a New Zealand man discovered U.S. military files on a used MP3 player he'd purchased in Oklahoma. That MP3 leak was discovered shortly after the U.S. Department of Defense banned the use of USB devices, such as MP3 players, on its computers.
The MP3 leak may not have been the work of terrorists or other combatants, but the event shows that the risk of information leaks is growing as technology becomes more portable. With its social networking ban, the Marine Corps has decided to err on the side of caution over possible cyberthreats, but other branches of the military are still debating the issue, according to the U.S. military newspaper Stars and Stripes. In fact, and a little ironically, a debate about the role of social networks in the military is taking place on Facebook. It will be interesting to see if, in the coming months, other parts of the defense establishment follow the Marines' lead.