Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
United States Communications Encryption Privacy Security

Air Force Launches Encrypted IM Service 182

Posted by CowboyNeal from the messages-flying dept.
nomrniceguy writes "U.S. Air Force's Print News Today announces a new instant messaging service for enlisted people stationed abroad to communicate with their families and loved ones. Users cannot send images, audio or other documents through the system. Messages are also encrypted to prevent unauthorized access."
This discussion has been archived. No new comments can be posted.

Air Force Launches Encrypted IM Service More

Air Force Launches Encrypted IM Service

Comments Filter:

  • UUcode anyone? (Score:4, Informative)

    by Anonymous Coward on Thursday December 23, 2004 @07:05PM (#11172706)
    Can't send pictures, huh?

    • Re:UUcode anyone? (Score:1, Informative)

      by Anonymous Coward
      I'm in the air force and I been deployed and will be deployed for at least half of my air force carrer.

      the reason for this is there is this thing called general order number 1 which bans pornography in a warzone, I've seen people get artical 15's because of this.

      article 15=bad disciplinary action.

  • No images? (Score:4, Informative)

    by Martin Blank ( 154261 ) on Thursday December 23, 2004 @07:05PM (#11172707) Homepage Journal
    Anyone have a copy of uuencode laying around for them?

  • Protection (Score:1, Funny)

    by xOleanderx ( 794187 )
    This will protect their vital messages such as HeY SeXaY and WhAt R U N2?

  • New Slogan (Score:3, Funny)

    by phaetonic ( 621542 ) * on Thursday December 23, 2004 @07:05PM (#11172716)
    B a11 U /an B, |_o|_
  • Users cannot send images, audio or other documents through the system uue or yenc?

  • $5 says... (Score:1, Offtopic)

    by sH4RD ( 749216 )
    $5 says someone leaks it out and regular people try to use it as an encrypted messenger.

  • Perhaps... (Score:3, Insightful)

    by neiffer ( 698776 ) on Thursday December 23, 2004 @07:06PM (#11172724) Homepage
    They should be more worried about soliders posting their digital camera photos to public sites than what could be hacked through instant messages...
    • Most (but not all) soldiers know not to publish confidential information to the public.

      It's the causal daily chatting to a spouse/partner or story-telling to their children that seems confidental that gets them going and can be colourful and can contain lots of details.

      • Re:Perhaps... (Score:4, Insightful)

        by Etcetera ( 14711 ) * on Thursday December 23, 2004 @11:10PM (#11173938) Homepage

        It's the causal daily chatting to a spouse/partner or story-telling to their children that seems confidental that gets them going and can be colourful and can contain lots of details.


        Loose lips sink ships. I wish the trolls here would try to understand that very simple concept.
        • This isn't about WWII type security. This is about GWII where unwanted pictures have spread around and appeared in newspapers. Very embarassing for both the military and the government.

    • Re:Perhaps... (Score:3, Informative)

      by The Snowman ( 116231 ) *

      Keep in mind this is the Air Force. We don't have Soldiers, we have Airmen. We don't fight on the front lines, for the most part we fly desks far far away from the bad guys. The closest I've been to combat is watching it on CNN from the comfort of my home on base.

      Anyway, I have seen a few pictures from digital cameras from deployed Airmen. For the most part we all practice good OPSEC and I have yet to see a picture I shouldn't have.

      • Not all Airmen have desk jobs. I was a M60 gunner in the Air Force and helped hold the front lines at King Khalid Military City (40km south of Kuwait) before the Special Forces, who came up from the south, passed us up and took the front lines from us. This was in the first Iraq conflict in 1990.

        My basic training was both Air Force and Army basic training, one after the other. After that, I attended technical school to learn the art of combat (and everything that it includes), proper search and clear pr
    • What would your first reaction be when the military forces, who are OCCUPYING, not in the process of an invasion, start trying to stop pictures from getting to the public?

  • RTFA: Not a launch (Score:5, Informative)

    by IO ERROR ( 128968 ) * <errorNO@SPAMioerror.us> on Thursday December 23, 2004 @07:06PM (#11172726) Homepage Journal
    This instant messaging service has been in use for a couple of years now. However it was limited to military and contractors. Now it's open to family members. The airman has to sponsor you by entering in your email address, and then you receive login instructions.
    • Kinda like a gmail invite then :D
    • The Army has had a similar operation going on for over three years now, open to family members as well. All you need is an Army Knowledge Online (AKO, www.us.army.mil) account. Accounts are open for anyone that a soldier can sponsor for an account. Registration for the portal is automatic for soldiers and provides access to the portal. Sounds like what the US Air Force has done is copmore of the same. I know that the Navy has their own internal portal as well called unsuprisingly Navy Knowledge Online. Its

  • Censored? (Score:2, Interesting)

    by Filberts ( 35129 )
    No media, huh? I guess that means we can go back to using our imaginations to visualize the horrors reported back by our soldiers abroad.

    On a lighter note, it's nice to see that they will have an easily surveilled method to connect with family from abroad.
    • ASCII-armoring, anyone?

    • Re:Censored? (Score:1, Informative)

      by Anonymous Coward
      Like anything else on a government box isn't subject to monitoring. Sheesh.
      LART thyself like a baby harp seal for that post.
      We are, BTW, not allowed to use USAF computers without signing off that we know the ROE for using an Air Force computer system. Most airmen have official email accounts as well, and IM only augments these. Official email DOES support attachments, and most accounts are accessable from the internet. Furthermore, sending photos of anything not classified or from which x'fied info can be e
    • No media, huh? I guess that means we can go back to using our imaginations to visualize the horrors reported back by our soldiers abroad.

      Yeah, because there's absolutely [blackfive.com]

    • On a lighter note, it's nice to see that they will have an easily surveilled method to connect with family from abroad.

      Any communication made through a government computer or network is subject to surveillence. Every time I log in to my computer at work I have to click through a long legalese dialog box that says everything I do may be monitored. This is no different from anything else a deployed Airmen might use -- DSN phone, satellite phone, email, or even this IM program. While it sounds like Uncle Sa

  • Does it run on Linux?
    • According to the article, it isn't OS-dependent, rather it seems to function in a browser, not as a standalone program.

    • yes (Score:3, Informative)

      by Errtu76 ( 776778 )
      OS, Web Server and Hosting History for www.my.af.mil
      http://www.my.af.mil was running AkamaiGHost on Linux when last queried at 24-Dec-2004 05:38:53 GMT

  • Encryption? (Score:2, Insightful)

    by AtOMiCNebula ( 660055 )
    What's wrong with Jabber, AIM, MSN, or any other chat medium? Sure they might not have encryption (unless the Jabber server has SSL enabled), but then again, I'm sure there's some rule that says that the soldiers shouldn't be sharing secrets or mission critical information with anyone but themselves...

    ...right? So why the need for encryption to keep the "I hope I'll be home soon, how's the family?" messages private? Unless I'm missing something...
    • With the gaim-encryption plugin, you can use 4096 bit rsa with any of those protocols, not to mention protocols like IRC etc. I highly doubt any browser-based encryption scheme can compare with that.
    • Perhaps they're more concerned about information that could be deduced from such a conversation? Information that could possibly be used against them if it fell into the wrong hands.

      Even in a normal conversation it's quite likely that a great deal of information could be inferred from it, unless of course people were very very careful. However I doubt caution would be on the utmost of people's minds in this instance, rather it'd more likely be communicating with their loved one whom they miss.
    • It would be good to avoid any enemies sniffing all the messages that look like this: "It's late, and I love you. Pray for me; we're going into action tomorrow." Enough messages sniffed like that, possibly with IP addresses attached, and an enemy force might be more prepared than the military might like.

    • Re:Encryption? (Score:2, Informative)

      by Jeffery ( 810339 )
      Conventional IM programs are not authorized for use on Air Force Systems. This program is the only way for us when we are overseas to communicate back home in an IM way. and yes, i am in the air force, and used this program during my stint in Iraq/Oman.
    • Actually, current versions of AIM do support encryption.

    • Re:Encryption? (Score:1, Insightful)

      by Anonymous Coward
      Besides the points given by others here -

      If you're going to encrypt any traffic, it's a pretty good idea to encrypt all traffic, because then you're not telegraphing which messages are interesting.
    • Maybe the idea is to just create a whole lot of unimportant encrypted traffic as a distraction from the more important stuff?

  • Way to go, chief (Score:3, Funny)

    by Rinisari ( 521266 ) on Thursday December 23, 2004 @07:08PM (#11172745) Homepage Journal
    Text only, eh? To the multitudes, I present two functions, base64_encode [php.net] and base64_decode [php.net].

    Email is still all text and probably always will be :-p
  • "If you are using a modern browser, that's all you need to use the chat," he said.

    I guess that rules out links, w3m, and lynx.
    Think it works with Firefox or Mozilla?

  • Unsurprising (Score:4, Insightful)

    by Sanity ( 1431 ) on Thursday December 23, 2004 @07:11PM (#11172762) Homepage Journal
    Users cannot send images
    Gee, I wonder why [thememoryhole.org]
  • It would be interesting to know how secure the encryption really is. Traditional 128-bit SSL? And does the Air Force get to censor the communication?
    • This is one of those situations where i'd be really inclined to distrust it unless it were open source.

      I don't think it's beyond the realm of possibility that all messages are logged and can be decryped by the appropriate authorities.

      The move of offering "encryption over the internet" may be a carrot to discourage people from using aim/msn/icq/irc, while bringing conversations back to where they can be intercepted.

      I think Trillian provides end to end encryption on top of standard messaging networks.

  • what about military secrets? (Score:4, Interesting)

    by lawpoop ( 604919 ) on Thursday December 23, 2004 @07:17PM (#11172812) Homepage Journal
    How encrypted is this? Can military censors read this? What's to stop someone blabbing about deployments or positions?
  • Seriously, Trillian has been encrypted for at least 4 or 5 years... (it only encrypts between 2 Trillian clients).

    Anyone know why the AF would come up with their own system? Is it just to be able to backdoor it for security reasons?

    • It works over the ICQ and AIM protocols and called "SecureIM". It may work over Y! as well.. I can't recall.
    • And this is one of the main reasons I use Trillian and have my friends using it. Encryption is a snap. I believe the new yahoo client has an encryption option also.

      >Anyone know why the AF would come up with their own system?

      Why not? I'm sure its a lot cheaper than paying for trillian licenses and of course the option of having the encryption key to decrypt communications is very appealing. Maybe its more feature rich than trillian's. Someone can try a man-in-the-middle attack, steal your buddy's logi
  • And yet they have blogs [americasarmy.com].
  • They state in the article that initially the users could chat to people on other IM networks, but the functionality was removed because these networks allowed users to send&recieve files etc.

    So why the hell didn't they just disable this feature and keep the gateways in??
  • Supplied by akamai.com ?

    See the links throughout

    http://www.my.af.mil/

    to, for example (Privacy Policy)

    http://a248.e.akamai.net/7/248/7850/v001/ftptria l. download.akamai.com/11372/DoD%20Warning%20Statemen t.htm

    Stephan

  • Security of the client machines being used (Score:4, Interesting)

    by mahesh_gharat ( 633793 ) on Thursday December 23, 2004 @07:36PM (#11172917)
    No matter what kind of encryption technology they have implemented for their IM; if the soldiers are going to use the webbrowsers in cybercafes in the foreign land. Then god help them. I have been here in KSA (Kingdome of Saudi Arabia) for six month now. All the MS-Windows systems in cybercafes are full of spywares, keyloggers and whats not. Most of these problems due to administratative rights given to all the clients who need just a browser. No matter what technology one uses over netwrok but its very difficult to get rid off key loggers. After experiencing all that crap I bought a dial-up internet connections cards (Nesma and Zajoul)... both the connections are pretty slow for me though.. compared to my home country dial-up.. Now I can browse through Firefox with antivirus and personal firewall on.... Pretty safe feeling now. I get atleast one incoming connection to my system from the external internet every five minutes. I suspect these are from other dailup users(probably infected) only. Withought a firewall and unpatched MS-Windows system you will be a deadduck in hour or so. I think they should give them secure client machines also. That will help them in better way. I read about the massive bandwidht they are enjoying in this IRAQ war. If they are routed through their own satellites then nothing like it.

  • It may not be end-to-end encrypted IM (Score:1, Funny)

    by Anonymous Coward
    but it sure sounds like an improvement considering the second gulf war was coordinated though.... microsoft comic chat... no really, you cant make stuff like this up! [wired.com].(search for "alien" in the text... I kid you not!)

    IRC, the protocol voted "script kiddies choice" for ten years in a row, is what powered the critical communication infrasteructure. Combined with a microsoft client that adds comic characters. Also the database used for collecting and assigning ground targets for bombers.... access.
  • It may just be my copy of Firefox, but the link at the bottom of that article (to the actual AF website) throws up a dodgy server certificate warning.

    There goes any hint of faith I may have had in this being secure.

    • Re:Invalid server certificate? (Score:1, Insightful)

      by Anonymous Coward
      There's no way a .mil is going to trust Verisign and such, so of course they'd sign their own certificates. It absolutely does NOT make it any less encrypted or less secure...
  • Somehow I don't think that this is really encrypted. Well... encrypted so that enemies can't intercept it, yes... but not encrypted so that the Air Force itself can't read what's being transmitted. Somehow I doubt they'd leave the risk of transmitting sensitive data with no way to see what's happening completely open to the entire Air Force.

    - dshaw

  • Unofficial Explination (Score:5, Insightful)

    by Jeffery ( 810339 ) on Thursday December 23, 2004 @09:37PM (#11173424)
    I am in the Air Force, a 2E251, job title is "Computer, Network, Cryptographic, and Switching Systems Journyman". here is how i can best explain why it is encrypted and why we cannot use regular IM products (aim, icq, etc etc...) It isn't that classified or top secret messages are being transmitted across this system, it's simply to keep the enemy from deducing simple things and protecting the members families. Think of it this way, if you have 100 people from the same network ID talking about hopping on a plane for a "Big Mission" the enemy might beable to figure out what's going on. another good reason for encryption is so that when members are like, "Boy, i can't wait to go home for christmas and go to grandma's so and so's house this year" what's to keep enemy's/Terrorists from taking from there grandma's name, finding out where she lives, and then kidnaps her to black mail you, or just out right kill her to hurt the morale of all troops in the sand box. also, due to AFI regulations, regular IM programs are not authorized for use on Air Force Systems, plain and simple, for those exact security reasons. i was in Iraq/Oman for a while back in the summer of 03, and i used this program alot. Thank you all, and i hope this was useful.
    • I'd like to know if the military controllers have the keys to decrypt and monitor the messages.

      Also, I'd like to know when the military will stop censoring the real images of war. Why is it not surprising that the communications system for troops can't send images. Technology? NO. Politics and spin -- probably.
      We gotta keep control over the people. The press can't even print all the images they want. ... and this is what the shrub calls the "free society" in contrast to the others out there. Someone m
      • I would assume that it is possible, but not practical to monitor the messages (since the server that handles it all is probably in the US). After all, telling family members things that one shouldn't (like mission details) probably doesn't happen very often, but if someone was suspected of doing so then I would guess that someone would listen in to make sure that they didn't. Also, I would assume that this is similar to those java IRC clients you see on some websites. My guess is that they wanted to depl
      • I'd like to know if the military controllers have the keys to decrypt and monitor the messages.
        Why are you going to use it?

    • Re:Unofficial Explination (Score:4, Interesting)

      by Mysticalfruit ( 533341 ) on Friday December 24, 2004 @12:19AM (#11174349) Homepage Journal
      Actually one of my friends whose in the Army had something like this happen to one of people in his squad. He started getting harrassing emails from someone who identified themselves as part of the Iraqi resistance and then started naming his family members in the states that their assosiates would hurt if this person continued to serve. Last I knew the FBI got involved, etc. So, this sort of thing is already happening.

  • How is this possible? (Score:4, Funny)

    by dswensen ( 252552 ) * on Thursday December 23, 2004 @10:46PM (#11173785) Homepage
    This far into the discussion and no one's made an "AIM High!" joke yet? C'mon, people.
  • does anybody know if the IMs are moderated by a security team in a similar manner to written letters to prevent servicemen and women from accidentally releasing sensitive information?

    now, don't get me wrong, censorship is almost always bad, but in the military it is a necessary evil to prevent a mole from leaking information. this information would only be useful to a terrorist and be used to put our enlisted men and women in harms way.

    Encryption is useless if one of the people on either end blabs somethi
    • It's not pointless at all. It's damage control, just like the no images/files thing probably is. While sensitive information should not be transmitted, sometimes what we consider worthless info is very useful to those that know how to do use it. If some information, maybe sensative, maybe not so much, but still useful was transmitted on an open link, anyone in between can read it. For fun with this, go sit in an airport with a packet sniffer running on the wireless network. However, if you encrypt it, at le

  • this is great (Score:1, Interesting)

    by Anonymous Coward
    I'm in the air force and I actually get deployed to the base that this client was beta tested. things are pretty restricted there. Here's a synopsis of what it is like.

    being that going off base to go to cyber cafes and use the internet there is really not reaslistic to do everyday, maybe not even once a month, our only choice is to use the internet connection provided on base. Don't get me wront i think it's great for them to give us this luxury in a war zone, but we get the internet through the local int
  • Web-based, SSL encrypted system. I've personally used it and find it sub-par. It's not designed to compete with AIM, et al. It can't.

    What it does have going for it is that the AF has tight control over its network. You can't install MSN messenger, AIM, YIM, Trillian etc. without getting picked up by the admins. And the ports are already blocked. Being a web-based client, it doesn't require an installation, nor does it take up any extra ports.

    Regarding encryption and monitoring, the AF can monitor, b
  • Essentially UNIX talk (or ntalk), over an SSH tunnel?

    Kinda sad.
  • The US Military is tied up by a lot of rigid rules. They could've been using IPSEC, stunnel, email and PGP, Kerberos, or some other security setup long ago except for the rules. For instance, military personnel aren't allowed to encrypt any data without special permission. Sometimes they will actually use ftp with no protection at all, because it's politically easier to work in the clear than get permission to use openssh. Sometimes an available encryption method, such as DES, isn't "good enough", so in
  • Re-inventing the wheel at tax-payers' expense
    is not my idea of frugal gov't use of tax $'s

    I'd have jumped on the Skype bandwagon; it rocks for free!
  • Will this new instant message service perhaps be named IcbM?
  • anything that it can't decode in real-time (or in the future via archives) for any given use.

    As for the suggestion to use UU en/decode or other binary-to-text converters: It's potential use was most probably thought of, which in turn would prompt the creation of a script that would scan through and moderate (or flag for review by IT personnel) those messages which contained headers for programs such as UUencode, PGP, etc.

    Like every system, there will always be ways around its security measures. Howev

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close