A U.S. Navy chief who wanted the internet so she and other enlisted officers could scroll social media, check sports scores and watch movies while deployed had an unauthorized Starlink satellite dish installed on a warship and lied to her commanding officer to keep it secret, according to investigators.
Internet access is restricted while a ship is underway to maintain bandwidth for military operations and to protect against cybersecurity threats.
The Navy quietly relieved Grisel Marrero, a command senior chief of the littoral combat ship USS Manchester, in August or September 2023, and released information on parts of the investigation this week.
Good that’s a severe risk she* put everyone and the ship in. It was 17 officers in total and they attempted cover up
She
She
She?
They
First off, not an officer, a high ranking enlisted(E-8) personal was the culprit.
Second, she was a Information systems technician. She literally dealt with making sure communication was safe and secure.
I know congress has to be involved to knock her down below E-7 but they need to get on that.
So she was an NCO and the writter was clueless. Ok.
And for that kind of opsec fuckup there really shouldn’t there be discharge/prison time ?
If the military imprisoned soldiers for being dumb, there would be no military.
Exactly. You only imprison people for malicious actions. If they’re just dumb, demote and reassign elsewhere.
What this NCO did was not dumb; it was calculated and intentional violations of multiple rules and regulations they (and the others involved) knew very well. Then they tried to cover it up when people started asking questions.
Absolutely no sympathy for them in my book. These are supposed to be the leaders other enlisted look to emulate.
First off, not an officer, a high ranking enlisted(E-8) personal was the culprit.
Typically, anything E-4 or higher is considered a Non-Commisioned Officer.
EDIT further clarification: from my experience in the Canadian Army, what “Officers” means depends on context. Most often (and what !Bluefalcon@discuss.tchncs.de probably meant) it means just Commissioned Officers. Other times, it’s anyone in leadership, including NCOs.
I totally understand where you’re coming from. It’s absolutely not uncommon to casually refer to high-rank NCOs as Officers (in Canada at least)
[Source: Family in CAF and RCMP]
Very uncommon to refer to NCOs or SNCOs as officers in branches of the US military that I have experience with. Interesting about Canada though, I wonder what other countries do
A CMDCM, so an E9. No Congressional approval is needed to bust down an E8 though.
Guess what the letter O in NCO is, dummy.
The term officer, alone, as it stands in the headline, is reserved for commissioned officers. No one in the military would assume that headline was referring to an NCO.
No one in the military
Okay, but is the person still an officer? I mean, it is in the name. The way I see it, as a layman, it is kind of hard to ding the author for getting this wrong when they are technically correct and a laymen would consider them an officer, and the only real complaint is that colloquially military members don’t refer to them as officers.
What am I missing or wrong about?
Don’t call me sir, I work for a living.
The difference between officers and enlisted (even enlisted “officers”) is well understood in the public domain. Just google the term “military officer”. You won’t find a reference to NCOs.
From the AI:
Here are some things to know about military officers: Pay grades Officer pay grades range from O-1 to O-10.
Army’s top-level page on “officers”: https://www.goarmy.com/careers-and-jobs/find-your-path/army-officers
From the wiki:
Broadly speaking, “officer” means a commissioned officer, a non-commissioned officer (NCO), or a warrant officer. However, absent contextual qualification, the term typically refers only to a force’s commissioned officers, the more senior members who derive their authority from a commission from the head of state.
This just takes very little research for anyone writing an article on the subject. No, I don’t expect the laymen to automatically know the difference between an NCO and a commissioned officer, but we are talking about a journalist here. I suppose if you want to lower your standards for journalism, fine.
Exactly. Journalists are expected to do research, and this is a trivial amount of research.
The N also stands for Non
How the fuck did she think this was anything close to a good idea?! This shows a profound lack of good judgement, and a huge failure of both respect for her job and for the safety of the crew.
Yeah true, but tiktok
Many people are bad at delayed gratification and long term thinking.
Especially in the military. That said, she was pretty high-ranking, so surely she’d been around long-enough to know that wouldn’t be okay.
Chiefs are enlisted, not officers. C’mon, AP, this is like day one stuff. Despite the name “petty officer” and term “non-commissioned officer”, there’s no such thing as an “enlisted officer”.
Also, “stinky” was the default SSID on Starlink, not a secret code word they came up with.
Was gonna call you out for messing that up; warrant officers are officers, they just started out as enlisted men.
Then I realized we are talking navy ranks, and my best knowledge of that is from halo.
Enlisted dont even have ranks, they have rates. They also have a rating, which refers to your role, I.e the job you do.
Yes rates are used most of the time in forms of address. However you do have a rank, for example E-5 or Petty Officer Second Class. However when addressing enlisted you’d usually say something like CTM2, IT2 etc… Until you hit chief then you are just called Chief, or senior if you are a Senior Chief, Master Chief doesn’t get abbreviated to Master for obvious reasons, and MCPON is usually referred to as “mic pon” phonetically for Master Chief Petty Officer of the Navy.
E-5 is a pay grade. PO2 is a rate.
Colloquially, you could call PO2 a rank, but strictly speaking it’s a rate, because the Navy has a lot of jargon for historical reasons.
Enlisted dont have rank in the navy, just rates. Check the article I posted.
They have pay grades, rank and rates in the Navy, though there are actually also unrated enlisted that get all assigned all the crappiest jobs until they get assigned a rate.
Enlisted only have rates, not ranks. It’s a weird navy thing. Enlisted also have “ratings” which is your job, I.e aviation tech, boatswan, etc.
Youre also talking about firemen/seamen/constructionmen/etc. These roles are e-1 to e-3 and have a rate, but not a rating.
In my experience, no one knows the rank/rate distinction and everyone just refers to rank. It’s not something they explain well.
OK, let me just break this down for you. Rates are a job in the Navy. For example, in that wikipedia article, a Fireman recruit is a rate – their job. Their rank would be a Seaman Recruit. Their paygrade would be an E-1.
In your example, a Constructionman would be an E-3. Constructionman would be their rate. Their rank would be Seaman.
You can see this better at https://www.defense.gov/Resources/Insignia/
They don’t list rates, because there’s many, many, many different jobs in the different branches. The Navy is odd in that they usually refer to each other by rates, not ranks. In every other branch, people usually refer to each other by rank and not their MOS/AFSC/Whatever. It would be weird in the USAF for example to refer to some Airman First Class as 2A33C or whatever.
You can see this further explained at https://www.military.com/navy/enlisted-rates.html where they list the rates and talk about them but then they list the ranks and talk about them. They are tied together by paygrade.
And once again, in the US Navy, an enlisted person can literally not have a rate and be called Unrated until they are assigned a rate. Usually this happens to very junior enlisted.
Again, my best knowledge of navy terminology comes from halo. Rank is th e term used in the army.
Yes, warrant officers are commissioned though. (Technically the most junior rank of Warrant Officer is a warrant from the branch secretary, not a commission, but it’s effectively the same. All other warrant officer ranks, Chief Warrant Officer 2 and up, are commissioned by the president.)
Hence the officer in the title, yes.
Warrent officers are also generally insanely talented motherfuckers that had too much disdain for the bureaucracy of the military to start over as an 0-1, and instead sit in a weird middle ground of “so much talent they were elevated up to officers from the enlisted ranks by direct request.”
That means that they are right, and you are wrong, and I mean that with complete respect.
The link below this parent with the pics shows tweets from Musk saying the point of naming it STINKY is to encourage customizing the name. I guess not everyone knew their LinkSys ID # in the dorms and/or doesn’t immediately turn their wifi into a pun. Just in case anyone else found that default name to be suspicious. They’re supposedly now back to just starlink
There’s a much bigger story here.
Think about how hard it was to discover this access point. Even after it was reported and there was a known wi-fi network and the access point was known to be on a single ship, it took the Navy months to find it.Starlink devices are cheap and it will be nearly impossible to detect them at scale. That means that anyone can get around censors. If the user turns off wi-fi, they’ll be nearly impossible to detect. If they leave wi-fi on in an area with a lot of wi-fi networks it will also be nearly impossible to detect. A random farmer could have Starlink in their hut. A dissident (of any nation) could hide the dish behind their toilet.
As competing networks are launched, users will be able to choose from the least restricted network for any given topic.
But why was it hard? Surely they’re accessing it w/ wifi, and scanning for wi-fi networks really isn’t that hard. A military ship should have a good handle on what networks they expect, and they should be able to easily triangulate where the signal is coming from.
Also, military ships should have really strict accounting for what is brought on board. A Starlink receiver isn’t particularly small, and it should be plainly obvious to security when that comes on-board.
I think it’s awesome that Starlink is so accessible for the average joe, but that’s a completely different topic than what’s allowed on military property. This sounds like a pretty big, embarassing security fail for the US military, and more people than this individual should be reprimanded, if not fired.
The original article goes into more detail https://www.navytimes.com/news/your-navy/2024/09/03/how-navy-chiefs-conspired-to-get-themselves-illegal-warship-wi-fi/
It sounds like there were over 15 people in on the scheme. At some point people noticed that there was some wi-fi network called “STINKY” and rumors started circulating about it. It took a while for those rumors to reach senior command. Then they changed the name to make it look like a printer, which further delayed the investigation.
It doesn’t look like they actually scanned for the access point. I suspect that’s because it would be hard on a ship. All the metal would reflect signals and give you a ton of false readings.
They only eventually found it when a technician was installing an authorized system (Starshield seems to be the version of Starlink approved for military use) and they discovered the unauthorized Starlink equipment.
The Starlink receivers have gotten fairly small. It seems like that was pretty easy to hide among all the other electronics on the ship.
So it’s collusion by the people who should be monitoring for such things? Or just collusion by people in some position of power, but who aren’t in charge of network security? I don’t know much about the positions these people held.
Anyone directly involved should certainly be considered for disciplinary action, but there should be more safeguards here.
The original article said the Navy hadn’t provided all the details.
It looks like those 15+ people included at least one person who should have been monitoring for such things and a bunch of people who wanted to follow sports.
They didn’t give the password to most of the crew and they tried to keep the commanding officers in the dark. It sounds like everyone involved faced disciplinary action.
Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore’s mast, according to the investigation.
It looks like that’s an administrative process. https://jagdefense.com/practice-areas/non-judicial-punishmentarticle-15/ Potential penalties are listed near the bottom.
The person the article is about was a Chief, and the highest ranked enlisted person on the ship. She would have the respect of all the enlisted members, as well as all the officers. She would be trusted to do her job and not do something stupid like this. She easily had the ability to do this, but you wouldn’t expect her to.
It was the Chief of the ship who installed it. She was the highest ranked enlisted person on the ship. She would have the access and ability to get just about anything on board that she wanted. The fact she was able to is easy to see. The fact the she was willing to and has obtained such a high rank is pretty impressive (and stupid).
The degree of incompetence needed for SIGINT/ELINT operations to fail to discover such a transceiver for 6+ months strains credibility.
I’m guessing this is a ruse to convince adversaries that the Navy can’t detect Starlink transceivers even when they are aboard their own ships. This is much more likely to be disinformation intended to drive adversaries to use Starlink than it is to be a legitimate failure of intelligence gathering.
strains credibility
Not sure why.
Security professionals are constantly complaining about insiders violating security policies for stupid reasons.
Security publications and declassified documents are full of breaches that took way too long to discover.The Navy may have great security protocols but it’s full of humans that make mistakes. As they say, if you invent a foolproof plan, the universe will invent a better fool.
Ok, so this is a bit different from taping your password to your monitor. Security has a problem with you doing that, but unless they come to your workstation, they have no way of knowing that you do this.
ELINT is kinda like a security camera, but instead of seeing lights, it sees transmitters. You know the frequencies of the communications transmitters on Navy ships, let’s say they are analogous to blue lights. You know the frequencies of their radars, let’s say they are green. During normal operation, you’re expecting to see blue and green “lights” from your ship, and the other ships in your task force.
Starlink does not operate on the same frequencies as comms and radar. The “light” it emits is bright red, kinda like the blinking lights you see on cell towers at night.
So, you’re sitting at the security desk, monitoring your camera feeds… And you just don’t notice a giant red blinky light, strong enough to be seen from space, on the ship next to you in formation?
You’re telling me that this warship never ran any EMCON drills, shutting off all of the “lights” it knows about, and looking to see if any shipboard transmitters remain unsecured?
You’re right, I would expect users to bend and break unmonitored security protocols from time to time. I expect them to write down their password. I expect them to share their password, communicating it over insecure networks that aren’t monitored by the security department. But operating a Starlink transmitter is basically equivalent to having the Goodyear blimp orbit your office building, projecting your password on its side for everyone to see.
The idea that ELINT operators missed seeing it for this long doesn’t seem likely.
Look at what her rank was, she was Chief of Ship. She also lied about what it was and was allowing other enlisted, likely sigint/elint to use the starlink for streaming away from port.
Simple low level fuckery on a naval vessel. The softest part of security are the squishy humans.
Ok, I don’t think you read what I wrote.
Everytime you read “Starlink”, I want you to think about a flashing anti-collision beacon on a radio tower. Because that is what a Starlink transceivers looks like to every ELINT operator aboard, and on every nearby ship. Imagine a ship with a giant red blinky light on it, because that’s what an ELINT technician would be seeing.
She would have had to have recruited every ELINT technician and supervisor aboard every vessel they sailed with to make this happen.
I upvoted what you wrote and also pointed out that there were 15 other enlisted involved
She could’ve very easily turned off or shielded the starlink when they went dark for inspection. Also if it’s properly aligned and in the comms mast properly oriented it would’ve been hidden from most cursory sweeps.
There was absolutely a security failure here, but I also don’t think that fellow NAVY vessels are as focused on other ships in the fleet when underway in peaceful waters.
Unless they just turn the satellites off over the country’s that don’t want them to avoid conflict or jam all signals because they do be that way.
We’re likely to see a variant of Moore’s law when it comes to satellites. Launch costs will keep going down. Right now we have Starlink with a working satellite internet system and China with a nascent one. As the costs come down we’ll likely see more and more countries, companies, organizations and individuals will be able to deploy their own systems.
A government would need to negotiate with every provider to get them to block signals over their country. Jamming is always hard. You could theoretically jam all communications or communications on certain frequency bands but it’s not clear how you would selectively jam satellite internet.
Kessler Syndrome trumps this application of Moore’s Law.
Maybe.
Kessler Syndrome doesn’t impact the ability to produce or launch satellites.
It impacts the ability of satellites to function in orbit but it’s not a fixed limit.Humans have a pretty good track record of developing technologies that break through insurmountable theoretical barriers.
it took the Navy months to find it.
I’m surprised they didn’t hide the SSID… It’s likely nobody would have even found the network then.
You could easily scan for hidden SSIDs. It might not show up in your phone’s wifi list, but that’s by design. The traffic is still there and discoverable. Even with an app like WiFiman (made by Ubiquiti).
Disabling the wifi SSID broadcast might even increase the number of communication attempts between devices. Because all devices then must actively search for the network.
How many regular people would know that, though?
These aren’t regular people, these are navy soldiers on a high tech warship, I have to imagine their IT would know how to find rogue wifi APs.
So…mostly 18-24 year olds?
The original article says there were over 15 people involved https://www.navytimes.com/news/your-navy/2024/09/03/how-navy-chiefs-conspired-to-get-themselves-illegal-warship-wi-fi/
With that many people, it’s only a matter of time before someone spills the beans.
There are several steps they could have taken to make it much harder to discover. I expect more and more people will take those steps and we’ll never hear about it.
Effectively they did through obfuscation. The Command Chief renamed it to look like their wireless printers. She did that because so many more junior people (relative to the Chief’s Mess) complained that the officers tried to check (with their phones) for some wifi Internet. They couldn’t find it because they thought it was a printer. The Command Chief is obviously trusted since she’s the most senior enlisted but she’s also the one that lead the entire scheme. When asked directly by the Commander, she denied it existed, so after not finding it, they just assumed it was a rumor. So, they had a ship-wide call and told everyone that there was no rogue Internet access point on the ship.
It took months because when a tech from a port they were at was installing a Starshield transceiver they physically saw the Starlink transceiver.
Oh, but there’s more. Starlink will be offering 5G via satellite soon.
I had (naively) hoped that starlink wouldn’t even need a license to operate in a specific country. When their satellites eventually fully communicate between them without ground station it becomes incredibly powerful. Sort of like one of those ancient world wonders. Technology now allows to live and work everywhere in the world or on the ocean in seasteads.
Unfortunately it’s owned by greedy oligarchs and the planned multiple constellations make a kessler syndrome more and more likely.
I’d be curious to see the dish install. It’s hard to imagine how someone would think it’d go unnoticed, on a warship, no less.
Ship officers heard the scuttlebutt about STINKY, of course, and they began asking questions and doing inspections, but they never found the concealed device. On August 18, though, a civilian worker from the Naval Information Warfare Center was installing an authorized SpaceX “Starshield” device and came across the unauthorized SpaceX device hidden on the weatherdeck.
Heh.
Why the F were they broadcasting the SSID on a “secret” wifi network? That’s just asking to get caught. If they had hidden the SSID most people would never have known about it.
You’re expecting intelligence and competence from these people? The ones who thought it would be a good idea to violate a half dozen regulations to even install it in the first place?
Supposedly she was an information and IT specialist… Setting the thing up to not broadcast its SSID should have been one of the first things they thought of. But probably she didn’t know it could be done, which again speaks to her overall incompetence.
Extra fun is that the head chief never gave anyone else the password. She logged into each of the other chiefs devices.
She could have 100% also typed in the ssid at the time. It would have taken almost no extra effort.
You can view WiFi passwords for saved networks on pretty much every OS. There’s no reason to be secretive about entering WiFi passwords, at least to the people whose devices you’re entering the password on.
Indeed, I can share it from my phone via QR or just see the password plain.
She should have used eap-tls…
You think someone stupid enough to make all the above mistakes would be savvy enough to build PKI and a RADIUS server? You’re giving her too much credit.
The worker still would have found it.
You can still see a WiFi network (and tell that it is unique from others) even when it’s not broadcasting SSID. It’s just one less piece of information available when someone is trying to access it.
Security through obscurity isn’t security, but it’ll keep neighborhood kids from trying to guess the password from across the street. On a warship? They’d have still seen it.
Yes but not as blatant as STINKY
Everyone with a smartphone would see STINKY and immediately get suspicious, while only techs would have noticed the hidden network and investigated on that
On a warship? They’d have still seen it.
It took 6 months to discover, and even then it was by techs who went to physically install different hardware saw the dish hardware mounted to the ship. That’s the real WTF here, how do these ships not have some kind of passive RF scanning/rogue AP detection??
It was seen by regular enlisted people who saw the network on their phones and left comment sheets asking WTF it was, but the person in question snatched up the papers before they got to the officers. If they had hidden the SSID, nobody would have seen it because nobody scans for hidden SSIDs on their phones.
scuttlebutt
Do US Navy ships even have a scuttlebutt anymore?
Yes, they all have drinking fountains. Absolutely no one at all calls them scuttlebutts though.
Scuttlebutt in this case refers to gossip, which is also why the water fountains are called scuttlebutt - people would gossip around them
Other way round. Scuttlebutt was the name for the casks of freshwater and then for the fountain. Sometime between those two eras it came to be the word for gossip because of the association with gossip being told around the scuttlebutt.
Sometimes, the internet is lovely
It’s the original water cooler talk. Probably weren’t talking about tv shows, though
The commentator asked if ships had “a scuttlebutt” anymore. Im well aware it’s the term for gossip, but since gossip isn’t an object, I assumed they asking about the drinking fountains.
Ships do still have them.
Oh I’m not trying to correct you I just have less than 0 social awareness and saw a word with a funny history so I shared my knowledge on it lol
Ugh, Elon continues to have the absolute most inane sense of humor on the planet. I’m not sure if it’s him or Zuck who are more clearly aliens wearing human skin
It’s Zuck. Elon is just a perpetual 13yo. TBH, he’s not entirely unlike Peter Pan (from the book).
To be fair, I also try to be closer to 13yo than my actual age, I think that makes life more fun. But I’m also not the CEO of multiple large organizations, and I would adjust how I behave if I was in that role.
I tough they changed the name to stinky for the lulz but it was the default name imposed by the childbrain. Amazing opsec.
Multiple people were involved, and it was probably mounted in a location where other people were unlikely to know that it was out of place.