State/IRM blocked this blog’s evil shadow diplopundit.com, and it’s a good thing!

Posted: 7:24 pm EDT
Updated: 4:06 pm EDT

Last week we blogged about some reported issues with accessing this blog from the State Department. There were reports of this blog displaying as a blank page, and another of this blog being categorized as “suspicious.”

Two things to remember — first, if you’re connecting to this blog from a State Department network and you get a blank screen, check if you’re using Internet Explorer 8. If you are, you need to switch to Chrome if you want to read this blog.

Second, if you get the “suspicious” prompt or a block that prevents you from connecting to Diplopundit, make sure you are connecting to the correct URL – the one that sounds rhymy — diplopundit.NET, and not/not its evil shadow diplopundit.COM.

Here is the back story. We thought it was a question of the left hand not knowing what the right hand is doing, but it wasn’t that. Nothing to do with the tigers either. So our apologies for thinking that. The firewall did bite, but not for any wicked reason. It was merely a coincidence of two unrelated issues that occurred around the same time.

After we blogged about issues with access from State, Ann from State/IRM’s Information Assurance office reached out to us to help see what was going on.

“Suspicious” Category

So folks who attempted to access Diplopundit but typed .COM instead of .NET were blocked by state.gov, and will continue to be blocked. And that’s a good thing.


IRM/IA’s Ann did some sleuthing and discovered that somebody is domain camping on diplopundit.com, a domain registered out of Australia under protected status, so it’s not clear who owns it. Apparently, it is a very common attack to buy up domain names that are similar to a popular one, with different endings, common typos, etc, and then camp malware on them. She notes that “It’s especially awesome to do this to sites that have a high likelihood for targeted visitors, like, oh, maybe Department of State and other governments.” Running the domain through some site reputation lookups came back “suspicious.”

www.brightcloud.com threat intelligence: Suspicious

http://www.isithacked.com/check/www.diplopundit.com : Suspicious returns

IRM/IA tried to access diplopundit.com and the site is redirecting to another site that tells users their computers are infected and to click on “ok” to begin the repair process. DEFINITELY malicious.  IRM/IA’s IT ninja concludes that not only did the State Department’s security systems work as needed, someone is using the reputation of Diplopundit to try to infect users who type the wrong URL.

Ugh!  So watch what you type.  She’s not sure if this is targeted or just criminal botnet activity but whatever it is, stay away from diplopundit.COM.  Also, make sure you’re not sending any email to diplopundit.COM, as that email would end up with whoever owns that shadowy domain.
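The two defensive checks above (make sure the URL you type is the .NET one, and make sure no mail goes to the .COM shadow) are easy to automate. The script below is an added example, not code from Diplopundit or from State/IRM: it takes the canonical domain diplopundit.net as stated in the post, extracts the host from a URL or e-mail address, and reports whether that host is the real site, a wrong-TLD twin, a one-character typo, a domain with the real name embedded in it, or something unrelated. The sample addresses and URLs it scans are constructed for illustration.

```python
"""Flag look-alike domains for a canonical site (added example, not the blog's own code)."""
from urllib.parse import urlsplit

# The real blog, as stated in the post; everything else is judged against it.
CANONICAL = "diplopundit.net"


def host_of(value: str) -> str:
    """Return the lower-cased host from a URL ('https://x/y') or an e-mail address ('a@x')."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "http://" + value        # bare hostnames parse as a path otherwise
    return urlsplit(value).hostname or ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typos in the domain label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(host: str) -> tuple:
    """Naive split into (second-level label, TLD); sufficient for the .net/.com case here."""
    parts = host.rstrip(".").split(".")
    if len(parts) < 2:
        return host, ""
    return parts[-2], parts[-1]


def classify(value: str, canonical: str = CANONICAL) -> str:
    """Classify a URL or e-mail address relative to the canonical domain."""
    host = host_of(value)
    if host == canonical or host.endswith("." + canonical):
        return "ok"                      # the real site or one of its subdomains
    label, tld = split_domain(host)
    c_label, c_tld = split_domain(canonical)
    if label == c_label and tld != c_tld:
        return "lookalike:wrong-tld"     # diplopundit.com, diplopundit.org, ...
    if edit_distance(label, c_label) <= 1:
        return "lookalike:typo"          # diplopundt.net, diplopundit.net with one slip
    if c_label in label:
        return "lookalike:embedded"      # diplopundit-news.org and similar
    return "unrelated"


def scan(values: list) -> list:
    """Return (value, verdict) pairs for every input that is not the canonical site."""
    return [(v, classify(v)) for v in values if classify(v) != "ok"]


# Constructed sample of outgoing addresses and links, not real traffic.
SAMPLE = [
    "https://diplopundit.net/2015/",
    "http://www.diplopundit.com/",
    "reader@diplopundit.com",
    "tips@diplopundt.net",
    "diplopundit-news.org",
    "someone@state.gov",
]

if __name__ == "__main__":
    for value, verdict in scan(SAMPLE):
        print(f"{verdict:22} {value}")
```

Run as-is it prints one line per flagged item; the same `classify` call can sit in a mail-gateway or proxy rule so that a recipient or link on a shadow domain is held for review rather than delivered.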

The Blank Screens

Internet Explorer (IE) is the browser compatible with the Department of State’s IT system. A couple of years ago, Chrome became an optional browser. IE8 and other old browsers are less stable and much more vulnerable to viruses and other security issues. IE8 also doesn’t support a lot of things, including the HTML5 and CSS features used in WordPress. In fact, we’re told that WP’s support for this browser version was dropped a while back. Microsoft has also announced that it will end support for it. So it’s not about what script is in this blog; it’s about the IE8 browser not playing nice with blogs. This blog displays properly on Safari, Firefox, Chrome, and Internet Explorer 9. Our tech folks suggested that IE8 users upgrade to IE9 if at all possible.

Our readers from State can’t just do that on their own, so we asked IRM. The word is that the State Department will probably skip IE9 due to resource constraints on testing each incremental version. The good news is, it will move everyone directly to Internet Explorer 11 in December. That may sound a long way off but we’re told that the move forces everyone from 32-bit to 64-bit servers, which is not an insignificant jump for all the developers (including those for Consular Affairs and the financial services). So there is that to look forward to at the end of the year.

Our most sincere thanks to State/IRM especially to IA’s Ann who pursued this issue to the end and also WP’s Grace and her team for helping us understand what’s going on. Merci.

#


The Great Firewall of State Bites, State/IRM Now Considers Diplopundit “Suspicious.” Humph!

Posted: 11:43 am EDT

The cornerstone of the 21st century statecraft policy agenda is Internet freedom. The policy contains three fundamental elements: the human rights of free speech, press, and assembly in cyberspace; open markets for digital goods and services to foster innovation, investment, and economic opportunity; and the freedom to connect—promoting access to connection technologies around the world. A third of the world’s population, even if they have access, live under governments that block content, censor speech, conduct invasive mass surveillance and curb the potential of the Internet as an engine of free speech and commerce.

— 21st Century Statecraft
U.S. Department of State


We’ve made references in this blog to the Great Firewall of State, most recently when we blogged about the FS promotion stats on race and gender (see 2014 Foreign Service Promotion Results By Gender & Race Still Behind the Great Firewall of State). What we did not realize is that there is an entire operation at the State Department running the firewall from Annex SA-9. It is run by the Firewall Branch of the Bureau of Information Resource Management, Operations, Office of Enterprise Network Management, Perimeter Security Division (IRM/OPS/ENM/PSD/FWB).

Sometime this week, some folks apparently were no longer able to access this blog from the State Department’s OpenNet.  OpenNet is the Sensitive but Unclassified (SBU) network in the Department. It provides access to standard desktop applications, such as word processing, e-mail, and Internet browsing, and supports a battery of custom Department software solutions and database management systems.

At this time, we believe that the block is not agency-wide and appears to affect only certain bureaus.  Not sure how that works. We understand that some employees have submitted “unblock requests” to the State Department’s Firewall Operations Branch and were reportedly told that http://www.diplopundit.com/ has been categorized as “Suspicious.”


Holy moly macaroni!

We don’t know what constitutes “suspicious,” but apparently, under State’s Internet policy, this gives the agency the right to block State Department readers from connecting to this blog and reading its content.

But … but … this is the blog’s 8th year of operation and State has now just decreed that this blog is “suspicious”? Just for the record, this blog is hosted by WordPress, and supported by the wonderful people of Automattic. Apparently, the State Department’s DipNote also uses WordPress. Well, now that’s a tad awkward, hey?

Unless …

Was it something we wrote? Was it about the journalists who ran out of undies? NSFW? Nah, that couldn’t be it.   Was it about the petty little beaver? Um, seriously? Maybe that nugget about the aerial eradication in Colombia was upsetting? Pardon me, it’s not like we’re asking folks to drink the herbicide. Come again? You have no expectation of privacy when using the OpenNet? Well, can you blink three times when we hit the right note?

What should we call our State Department that’s quick to criticize foreign governments for blocking internet content for their nationals then turns around and blocks internet content for its employees?

Wass that?  The right hand does not know what the left hand is doing? Blink. Blink. Blink.

We sent a couple of emails to the IRM shop — cio@state.gov and Dr. Glen H. Johnson, the senior official in charge of IRM ops — asking what’s going on. It seems the emails were chewed to bits, and we haven’t heard anything back. Looking for Vanguard contractors to blame? Blink. Blink. Blink. We’ll update if we hear anything more.

#