Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature: Government
US military is blocking Slashdot and SourceForge.net
Share
Print
CommentsThe bottom line, courtesy of Air Force spokesperson Captain David W. Small, is that the Air Force does "block Web sites to restrict use of the Web to official business and in accordance with specific guidance in AFIs." An AFI is an Air Force Instruction, basically policy or guideline from the Air Force that must be followed.
Small went on to write that the Air Force is using a filtering Web proxy to block sites:
The AF uses a standard Web proxy tool called Blue Coat. It's installed at every base in the network control center and at the major command level in the Network Operations and Security Center. We block many different categories of unofficial Web sites (see the attached spreadsheet for categories blocked by Air Combat Command).
Some are specifically prohibited by AFI 33-129 or AFI 33-119. [Blue Coat's partner] Secure Computing maintains the list of Web sites that fit into each category and they update the lists as part of a subscription service.
Base network control centers can add/delete specific Web sites to a local access/block list to enable them to quickly block known problem sites (like phishing sites) or to open Web sites for access if someone justifies it for official use.
We have plans to deploy the capability to move this local access/block list to the enterprise level across the AF within the next two years as part of our infrastructure upgrade program. Air Combat Command has already moved this local access/block list capability up to the enterprise level. They do the ad hoc access/block actions from their level for all of their bases. It enables them to block problem sites very quickly.
I asked Blue Coat if any of our OSTG sites were being blocked by default by their filters. Spokesperson Nikolett Basco replied:
Secure Computing Corp. provides SmartFilter Web filtering software to organizations worldwide. SmartFilter allows organizations to customize their Internet experience based on their specific needs.
We classify Internet content into over 73 different categories so that customers can chose, by category, what types of Web content they want available to their organization.
However, just because a site is categorized, does not mean it is automatically blocked. Any SmartFilter customer can reclassify any site they wish. Each organization defines its own policy. Secure Computing has no control over, or visibility into, how an organization implements their filtering policy.
I used the Blue Coat Site Review Tool to check several OSTG sites. SourceForge.net and freshmeat.net are both categorized as Computers/Internet, Slashdot.org is miscategorized as Newsgroups, but is also included as Computers/Internet. NewsForge.com is in the News/Media category. While none of those categories is especially heinous (except News/Media, of course), it appears that some of those sites are being blocked by at least some military commands around the world.
I spoke to an Army National Guard officer, for example, who recently returned from Afghanistan. He told me that Slashdot.org was banned by his command when he first arrived for duty there, but that he was able to get it un-blacklisted during his tour of duty.
As to OSTG sites being blocked here in Central Texas, the Lackland AFB Public Affairs office declined to answer my email or return my phone calls asking for information on whether specific OSTG sites are being blocked, and if so, why they are. But the AFIs cited by Captain Small in his reply indicate that they should be blocked in any case.
AFI 33-129, dated February 3, 2005, covers "Web Management and Internet Use." Among other things, it specifically prohibits the downloading of "freeware/shareware or any other software product without Designated Approving Authority (DAA) approval." Since providing access to free/open source software is the primary function of sites like SourceForge.net and freshmeat.net, blocking access to them is understandable.
Chat rooms, IRC channels, and other public forums are also directly forbidden. The AFI stipulates that "Participating in non-DOD or nongovernment 'chat lines,' 'chat groups,' or open forum discussion to or through a public site, unless it is for official purposes and approved through the Global Information Grid (GIG) Waiver Board" is prohibited.
AFI 33-119, dated January 24, 2005, which covers "Air Force Messaging," explains the reports of commercial Web mail sites being blocked. It specifically prohibits "Accessing commercial Web mail accounts and instant messaging services (i.e., Yahoo, AOL, or MSN mail accounts)."
Note that the regulations govern "official use," so Air Force personnel may be able to browse blocked sites if they're able to connect to another network using personal computers.
Catching more than intended?
The categories of sites blocked by the Air Combat Command, which Captain Small indicated will probably become the Air Force standard by next year, contains some ironic entries. Cited as an example of sites blocked for "Game/Cartoon Violence" is none other than America's Army -- a game commissioned by the Army itself.
Remote Access is another no-no according to the block list. Why? Because "sites in this category provide information about gaining remote access to a program, online service or an entire computer system. While often used legitimately by people who want to use their computer from a remote location, it also creates a potential security risk. Backdoor access is often written by the original programmer."
Cited as an example of these nefarious villains is none other than the TightVNC site.
Of course, TightVNC is double-bad, since it is also free, and sites that provide shareware and freeware are banned. The example given for this category in the spreadsheet of blocked categories is Tucows.com.
And, finally, Internet newsgroup sites are banned as well. That ban, coupled with Slashdot's miscategorization by Blue Coat as a NewsGroup site, helps explain why that site cannot be accessed by our armed forces in many places at home and abroad.
Censorship is tricky business, no matter how well-intentioned it may be.
Comments
on US military is blocking Slashdot and SourceForge.netNote: Comments are owned by the poster. We are not responsible for their content.
Now, that said, I don't believe that sites like NewsForge and www.linux.org should be banned. On the contrary, if more DoD personnel read such sites, they might be inspired to lobby from within for more widespread usage of Free Software, just for the security benefits alone. NewsForge, from what I can tell, provides *links* to Free Software, not the Free Software itself. Tucows, I can understand. Cult of the Dead Cow, I understand. "System cracker" sites, I certainly can understand.
I can even understand the general ban on "freeware/shareware" sites. Why? Simple; most people, certainly to include DoD employees, do not understand what they're doing when they install software, be it Free Software or not. You can create a nice, big vector for attack if you install something like VNC on your box and misconfigure it "to let my colleagues share data with me." Oops.
This applies to any organization, not just the US military. Whenever I build a network, I do *NOT* give users root/Administrator access to their boxes by default. I grant such access only when directly ordered to by the boss, and then only to the VIP's for which the boss specifically makes me do this. Of course, VIP's are typically uber-clueless with computers and are often quickly "owned" as a result, thus compromising the network as a whole. AARGH!
BTW, installing TightVNC on a military computer would get a person absolutely nowhere, considering you'd have to get through several levels of firewalls and routers to actually connect to an internal machine.
Face the facts, SmartFilter is the next logical step towards a global totalitarian regime.
Is that a black helicopter in whisper mode?
Which part of the military having a stringent network use policy suprises you. And what is surprising about learning that it is not perfectly implemented?
Imagine the comments if this bunch learned that the military did not care at all about internet security or what people funded by tax dollars did with their time while at work?
Why block? Because it prevents users from abusing of the service. Schools have been doing that for a bit now, business organisations do that too. Why not the airforce?
Why (!block)? Because it's limiting freedom.
What would be best? That's left to the organisation to decide.
I'm surprised to learn they started blocking websites, I would expect it to be done already.
--
Michael Shigorin
But, like the article states, this is slightly different at each base. So, the title should read "some branches of the us military, at some locations, block some websites". But I suppose that's not as sensational.
Anyway, the entire article strikes me as quite pointless. It's not like a large organization using web filtering technology is exactly newsworthy - unless you're stuck in the early 1990's I suppose.
Also, if someone uses the blocking of certain internet sites as a part of their security policy then they are in over their head.
It's not as if the US Military can *sell* any software they write. It has to be secret or free !
That right folks, FREEDOM!!!!
Remember that you read it here first,<nobr> <wbr></nobr>....(or not).
So, forget your daydream on freedom, money numbers and silly ads slaves. Even on public forums like this... just forget it and don't ever think what are you living for.
--
Michael Shigorin
"Censorship is tricky business, no matter how well-intentioned it may be."
No. Censorship, no matter what its claimed purpose, is always wrong.
But there's no moral problem with censorship when it's used to restrict access to resources owned by the censor. You have freedoms, but I don't have to let you exercise them in my living room.
Redacting the name of an undercover officer in the records of a police investigation is censorship. But it's not wrong - unless you've got something against the use of undercover investigations.
And not everything that gets labeled as censorship is really censorship. After all, the military bases are simply saying "not on our network" rather than "not at all."
If you want to live in the world of Zarqawi and Zawahiri, be my guest. But you damn well better not demand the same of me.
Slashdot.org does a port scan on every host that originates a port. My employer's intrusion detection system, not surprisingly, perceives this as the beginning of a potential attack on us, and automatically blocks the site. I don't know if other OSTG sites behave similarly, but if they do, this may be the last time I get to read NewsForge<nobr> <wbr></nobr>:-)
Since the article never provided any proof or confirmation that the content filters were blocking it, I consider it equally possible that it is not a government conspiracy to suppress certain types of information, but rather a reasoned response to a potential network attack by an organization who, we hope, should be paying close attention to this kind of thing.
You may be overestimating your own importance if..
Posted by: Anonymous Coward on May 19, 2006 03:44 PMIt's really no different than corporate America...
I haven't been to a base yet that blocks Slashdot or Sorceforge. I also have had at least 5 years of system administration experience and have an insight as how the Network Communications Centers (NCC) work on military bases. Since it appears that the sites are only blocked in San Antonio, it's a local policy there. It's possible that there is a valid reason why the sites are blocked. I know from personal experience that certain projects are blocked from Sourceforge because they have been classified as games, chat, or other related topics. Since, by regulation, anyone utilizing a military system may not download or install unauthorized software many sites are blocked in an effort to avoid that very thing from happening.
This must not be seen as a free speach violation or some other conspiracy by the government, but as an attempt to maintain some semblance of security. In the past, the military has had numerous problems with virus outbreaks because of unauthorized software being downloaded and installed. I'm positive that many companies also block many websites because of their potential to cause problems on their respective networks, or simply because it clashes with that company's acceptable use policy.
The military does provide a process to allow websites to be unblocked if a valid reason exists. Some websites are also blocked just because the rule set of proxy server filter system keys on particular words and/or phrases, such as vulgarities (which Slashdot is occasionally guilty of - almost entirely from comment posts). A website can also be blocked because bandwidth is used by traffic from that site. I would imagine that traffic from Slashdot wouldn't take up any noticeable traffic, but Sourceforge certainly has the potential for a lot of bandwidth.
I'll positively state that Slashdot and Sourceforge are not the targets of any kind of military or government blocks. I'm sure that other sites have been blocked either intentionally or unintentionally by different bases for different reasons. Each NCC has a certain amount of autonomy in that respect. Each NCC will act in a manner that they perceive as appropriate for their military installation.
I also must point out that the government and the military use open source projects. I can attest to this since I work on the best known open source project in my job - linux.
Hopefully this story won't be spun into something that slights the military just because one military installation has Slashdot and Sourceforge blocked. It is indeed unfortunate that those two sites are blocked at all. I love reading Slashdot and I routinely download software from Sourceforge.
Military who want to play around on the net should do it on their own personal time with their own computer and internet connection. The only exception should be for those serving in hardship places like Iraq but the activity should still be done during off-duty hours.
Texas has an awful lot of military dirtbags stationed there who spend way too much work time surfing the net. If these people are so underutilized, kick them out or send them over to the Middle East.
Doug Skinner
Stupid military trash...
Ahhh<nobr> <wbr></nobr>... I see<nobr> <wbr></nobr>...
COMMIE BASTARDS!!
It is appalling that people could be so completely left-liberal blind to logic not to realize that things like an open software policy with MILITARY computers and installations would be a NATIONAL SECURITY RISK. Oh, of course you can be flip and silly and trot out any number of harmless programs -- that's obviously not the point -- the point is what about the 1000's of trojans, etc., as well as the obvious route of attack against the military if there WERE an "open software" policy.
BTW, sorry for posting under an anonymous account, but I can't bother registering at every one of these sites. But I don't mind signing:
Brad Aisa
baisa "at" brad "dash" aisa "dot" com
1. To kill innocent people.
2. To waste taxpayer money.
3. To deafen soldiers with all the yelling, screaming, and other loud noises.
4. To teach people to obey orders without questioning.
5. To teach people that it's wrong to think for themselves.
6. To take over the world, stealing it from others.
7. To look like big heroes when they are really just bullying other people.
8. To maim innocent people.
1. much to our dismay innocent people die in war. However, unlike our enemies, the innocent people are not targeted and numerous times attacks will not take place so the innocent can live. This has the potential to allow the enemy to go free to fight another day.
2. Taxpayer money gets wasted everywhere, military included. Also it pays for the retirement of our representatives while we pay in to Social Security that isn't very secure. So moot point.
3. There are measure provided for troops to prevent this and if the damage is still done they are duly compensated for it. And bullets flying over your head, bombs blowing up around you tend to be pretty damn noisy.
4. needed when bullets are flying over head and bombs are blowing up around you if you want to live.
5. wrong, I lost count how many times I was told as that to survive you must think.
6, 7, and 8. All based on your opinion. My opinion is that it is far from the truth, I know because I was there. I would like to congratulate you on using your freedoms to express your views, however controversial they are. You are brave for doing so. Just keep in mind that in a lot of countries speaking out is punishable by death, even drawing offensive cartoons of religious figures can be punishable by death. This is a very real freedom that is forbidden in other countries. We have it because of our military. Just food for thought.
Jeff Ritter
former U.S Marine
Afghanistan Vet
Quote from <a href="http://linux.coconia.net/gentoo/2005.htm" title="coconia.net">http://linux.coconia.net/gentoo/2005.htm</a coconia.net>
I imagined that a lot of people would be interested in this information (a quick and informative guide to installing Gentoo) and started a thread about it at the forum <a href="http://forums.gentoo.org./" title="forums.gentoo.org">http://forums.gentoo.org./</a forums.gentoo.org> To my great surprise, it was deleted (well, actually, it was moved from the installation section, to some hidden corner of their site). So I started another thread, with the same result. This time I was informed that the thread had been moved because the topic had been dealt with in some other post (that had also been quite deliberately hidden away from public view). I repeated this process some 7 or 8 times. Then they banned me.
Think about it, the Gentoo people were so desperate to remove my posts from view, that they hid 7 threads, using 7 times the disk space, rather than have one visible to the public. Actually, the last thread was locked and it quietly sunk out of sight. Since it was doomed to be lost among unvisited/unread pages, the administration felt no need to move or delete it, as they had the other threads. Besides leaving the locked thread there for a few hours was "proof they were not involved in censorship."
So the Gentoo forum administration succeeded in hiding all threads related to the correct installation of KDE,...........
Quote from <a href="http://linux.coconia.net/gentoo/2005.htm" title="coconia.net">http://linux.coconia.net/gentoo/2005.htm</a coconia.net>
I have found that nearly all linux help sites engage in significant censorship.
slashdot
Posted by: Anonymous Coward on May 19, 2006 01:21 AMI spend too many hours a day reading slashdot<nobr> <wbr></nobr>:)
#