Updated, see bottom of post.
Information Dissemination, my home blog, is currently unavailable due to “maintenance” according to Google. From what I understand by this report, every Blogger blog is currently unavailable. According to news reports, this is related to a bug in code migrated last night – which did happen because I was awake at the time and remember getting locked out.
I have filed a complaint with Blogger asking a few questions, which reveals why the discussion is appropriate for the USNI Blog.
USCYBERCOM Blacklisted Blogger Today?
Blog Address: www.informationdissemination.net
Browser(s) Name/Version (ex: Firefox 4, Internet Explorer 8): Firefox 4
Geographical Location (ex: San Francisco / USA): USA
Long description of problem:
I write a milblog hosted on a Blogger server. At approximately 3:00pm today USCYBERCOM blacklisted Blogger. At approximately 6:00pm today, my Blogger website went offline.
According to one base operator, “The DNS Site that hosts your domain name is more likely being blocked because of posting malicious traffic or higher level security reasons by advisory of DoD [CYBERCOM/NCDOC].”
The Washington Post is reporting tonight a website for Chinese dissidents hosted by Blogger was claimed to have been hacked by the Chinese government.
So a Blogger website was hacked, all of Blogger is being blacklisted by the Department of Defense for “higher level security reasons,” and now Blogger is down for “maintenance?”
Would appreciate clarification why USCYBERCOM has blacklisted all of Blogger for security reasons. This isn’t good for either of our businesses.
– Raymond Pritchett
I believe Google when they say Blogger is down due to maintenance problems, and believe what is happening in regard to my lack of blog administrative access tonight is purely coincidence.
What I do not understand is why USCYBERCOM would blacklist all of Blogger, not only blogspot.com but any website running on a Blogger host, for no other apparent reason than one Chinese dissident website was hacked. Is USCYBERCOM really so paranoid that if the Chinese government hacks a single website, USCYBERCOM will figuratively cyber nuke access to an entire cloud? If that turns out to be true, the Chinese appear to be deep inside our OODA loop at US Strategic Command, and speaking as a US citizen, I find the DoD’s cybernuke reaction quite embarrassing.
Did USCYBERCOM make a mistake when blacklisting all Blogger hosted websites, or was it intentional?
Did USCYBERCOM inform Google of the security problem that led to Blogger being blacklisted? We aren’t talking about some mom and pop hosting shop, this is Google.
I understand and respect that the role and responsibility of USCYBERCOM is to defend Department of Defense computer systems from security threats, but I am a little troubled that the DoD would blacklist millions of websites on the internet in what appears to be a response to the Chinese government reportedly hacking a single website on a Google server.
To me, that would seem to be an excessive overreaction by USCYBERCOM.
Update: Some are noting Blogger had a backup restore last night resulting in loss of data. That is a Blogger issue, and has nothing to do with DoD access blocks.
I am hearing that several DoD locations that could not reach Blogger last night can this morning, and the problem was related to a bug in a web content filter policy update for some specific software. That is good to know, if true. It is unclear why USCYBERCOM would be associated with the issue in requests last night, although it may be that as a DoD networks policy shop the organization issues the specific software update alerts, and that somehow added confusion.
I think the bug highlights the dangers of overarching government security on the internet. In this case, a bug in a normal, everyday automatic operation in otherwise stable software made a huge configuration change, and the result was the blocking of millions of websites. Blogger is social media, not exactly a major economic engine, but the danger comes should a bug accidentally block access to say – the Amazon cloud – for example.
It reminds me of the government internet killswitch debate. It is hard to believe that a network as resilient as the internet would have less risk if there existed a mechanism that completely disrupted the resiliency of the internet. Is the economic risk to the internet higher or lower with a government controlled killswitch, or single point of failure, depending upon how one looks at it?
In many ways I see the challenges of securing networks much like the challenges of security from terrorism, and by that I mean that the solution lies in active and passive defenses, selective offensives, but most critically – resiliency to disruption. It is unfortunate that the resiliency piece does not appear to have the most influence in security policy decisions at the political level.