Navy Information Operations Command San Diego Whistleblower NIOCSD.com

Article 138 Complaint of Wrongs

NIOCSD.com
Basic SCI Systems User Course (ONI-SSONAVY)
U.S. DOD Computer Network Hackers
Congress Reports / Intelligence Summit
Spies and Traitors
Identity Theft
7 write-ups STOP Re-Enlistment
Article 138
3 Hour Argument
Board for Correction of Navy Records
Weather and News
LINKS - GOVT, DOD, Navy, and NIOCs

Click Document
Article138Release1.jpg

Article 138 Complaint of Wrongs Signed and Submitted on March 16, 2007












Click Document
Article138Release2.jpg

     No Command Instructions in Regards to Computer Systems or Removable Writable Media (Floppy, DVD, CD, .. ETC.).., 
     I have been talking about this since SEPT. 2005, continously and did NOT start E-mailing about this and reporting specific examples until OCT. 2006..., more then a year later.  I mention this because I did NOT want to get people in trouble but after a year of talking about this I had NO choice. 
     I could get in trouble for condoning it and so can YOU.

Hackers attack Naval War College



 

Click Document
Article138Release3.jpg

Sir, Ames, Walker, and Hanson, some of the biggest spies in U.S. history would love the relaxed security NAVIOCOM, San Diego relaxed security especially in regards to removable writable readable media when I checked into the command.

Sir, CNO (CND, CNE, CNA) all have a powerful affect on OPSEC, MILDEC, and PSYOP.  I have been obstructed every step of the way in regards to this.







Click Document
Article138Release4.jpg

Required Vuport Course OIAC2271 "Ignorance is NOT considered a valid excuse in the court."  "Remember it is YOUR responsibility to be aware of legal issues and know applicable policies."

Required Vuport Course OIAC1170 "The most common threat faced by ---/--- information systems come from authorized users."  "Man-made, inside, friendly / accidental threats made up the largest group of threats to ---/--- systems"  "They are usually caused by Errors in judgement or Procedure."




Click Document
Article138Release5.jpg

Vuport Course: Malicious Code Threat [OIAC1171]

What should you do to keep your system free of Malicious Code.

     * Log-off you system nightly to allow Virus Scan to update
     * Check the latest Scan Information on your computer


Fact:
[People were just locking their workstation and not logging out of any of their computers classified of unclassified computers at the end of the work day.]



Click Document
Article138Release6.jpg

The Operations Leading Chief [OPS-LCPO] CTTCS has harassed me about doing a course on Vuport.   CTTCS says that what I'm doing does NOT look like IO [Information Operations] stuff.  Keeping OPSEC information secure is impossible without talking about computer network security.

[The OPS-LCPO CTTCS has continuously harrassed me about doing something that goes to the core of what our job is.  That is highlighting Information Operations VULNERABILITIES.]




Click Document
Article138Release7.jpg

FY GMT 1.3 Operations Security

The technology exists to INTERCEPT or even record EMAIL content without your knowledge.  We cannot assume that emails can't or won't be compromised.

[I am being written up and yelled at by mentioning Real World Threats to U.S. Government Computer Systems.  I am only doing this because people act like they do NOT know anything about it or they swear that government computer systems NEVER get attacked or infected with malicious code.] 



Click Document
Article138Release8.jpg

I am alone in the EW shop and the building is practically empty during the holiday stand down in the afternoon.

[If someone is working alone in the office while everyone else is on liberty; the last thing I would do is harass them about how lazy they allegedly are.]







Click Document
Article138Release9.jpg

Do NOT install Unauthorized software or files from media (floppy, CD, DVD, etc..) :
Sources of Malicious Code.
* Images  * Open Source Documents  *Audio Files  * Games  * Screen Savers  * Developer's tools

[ The above items were being downloaded from the Internet and put on classified networks practically everyday without any command instruction.  I do NOT care if this happens, but I do CARE that this is happening without a command instruction, departmental instruction, or divisional instruction.  Nobody wanted to put this in writing. ] 

Click Document
Article138Release10.jpg

Sir, I do NOT understand how Low to High domain transfers became an issue when it should be COMMON KNOWLEDGE since everyone was required to do the NKO Course: Basic SCI Systems User Course (ONI-SSONAVY).

Sir, the practice of Low to High domain transfers through removable media from the internet is forbidden as a basic SCI user and in any case domain transfers require a Command Instruction as required be Department of Defense.





Click Document
Article138Release11.jpg

[C.O. NIOC San Diego] Per our nearly three hour discussion....
Your security concerns are indeed a serious matter and MAY BE considered valid.
....Further investigation is needed to identify all existing guidance and to determine if contradictory policy may exist in those instructions

[Appears to me like the C.O. wants to PICK and CHOOSE what DOD instructions he will or will NOT follow.  I said and continue to say that you have to follow the strictest instructions.  If a DOD instruction is stricter then a Navy instruction then you have to follow the stricter DOD instructions or vise versa while being in strict compliance with both instructions.]

[For example a NIOC San Diego instruction could FORBID the use of any and all types of Removable Writable Media (Floppy, DVD, CD etc.).  Since the NIOC San Diego instruction is stricter then the DOD or NAVY Instruction then it is the one you follow.]

Click Document
Article138Release12.jpg

Click Document
Article138Release13.jpg

There is an Active Security Breech in Intel. Div. I need the ISSM or the SSO to tell the Intel people to stop using removable writable media without a command instruction.  the C.O. should be notified immediately.

[The moving of data from the internet to our classified networks through removable writable media has been done without command instruction since I checked into the command in SEPT. 2005.]





Click Document
Article138Release14.jpg

Required NKO Course

Protecting Unattended Computer
     * Activate screen lock during temporary absences
     * Never leave workstation unlocked and unattended
     * Log out at end of work day
     * Log out for extended absences
     * IC rules are more stringent than DOD rules


If the above rules are wrong than make a command instruction to protect your people in the case someone tries to say someone is doing something wrong.  People were NOT logging out at the end of the work day or logging out for extended absences.

Click Document
Article138Release15.jpg













Click Document
Article138Release16.jpg

The NMCI helpdesk specifically said the message authorizing people to shutdown their computers at night does NOT address ANTI-VIRUS scans [or anti-virus scans.

NMCI Hacked 

[The NMCI helpdesk specifically told me that Anti-Virus scans or anti-virus software have nothing to do with them [NMCI].  Still NO command instructions, on any of the computer systems whether they be NMCI or Classified computer systems at the time I checked out with the C.O. in May 2007.  At this time he was asking me to drop the Article 138.]




Click Document
Article138Release17.jpg

Message Requiring NMCI computers to be powered on "In order to conduct scans to ensure workstation have the correct security software, users are directed to log out of their workstation at the end of each night.











Click Document
Article138Release18.jpg

[Our own IT Division is saying all the classified computer systems stay on 24 hours a day.]

Vuport Course: Malicious Code Threat [OIAC1171]

What should you do to keep your system free of Malicious Code

* Log-off your system nightly to allow Virus Scan to update

* Check the latest Scan Information on your computer

It is important that you Log-Off your system nightly.  This is when your Virus Protection Software is Updated.

Vuport Course:  Malicious Code Threat [OIAC1171]

Click Document
Article138Release19.jpg

All it takes is ONE computer to bring down an ENTIRE network.











Click Document
Article138Release20.jpg













Click Document
Article138Release21.jpg

I was ordered to anger management classes.

No command, departmental, or divisional instructions in regards to computer systems or removable media (Floppy, DVD, CD, etc.) at the time I checked out with the C.O. in May 2007.







Click Document
Article138Release22.jpg













Click Image
Article138Release23.jpg













Click Document
Article138Release24.jpg













Click Document
Article138Release25.jpg













Click Document
Article138Release26.jpg













Click Document
Article138Release27.jpg

ANY and ALL media being used by Intel without strict and detailed instruction command procedures is a practice dangerous to security.

....

The OOD just allowed an officer airman [officer aircrew member] to take [Writable] magnetic media out of the building.  

Questions or Comments E-mail ig@niocsd.com

NIOC SD Whistleblower
NAVIOCOM, San Diego
NIOC SD Whistleblower

Navy Information Operations Command, San Diego WHISTLEBLOWER