Government IT systems are infamous for their inflexibility, often leading employees to seek unauthorized workarounds. A notable example of this occurred in 2015 when a former U.S. Ambassador to Kenya used an unsecured network from a bathroom in the embassy to access Gmail, disregarding official security protocols. However, this incident pales in comparison to the actions of Navy chiefs aboard the USS Manchester in early 2023.
Secret Starlink Network on a Navy Warship
In 2023, senior enlisted members of the USS Manchester, a littoral combat ship, took drastic measures to bypass the Navy’s restrictive internet policies. Led by Command Senior Chief Grisel Marrero, they covertly installed a Starlink terminal on the warship’s “O-5 level weatherdeck,” a highly secure area. Their aim was to set up an unofficial Wi-Fi network, dubbed “STINKY,” to access sports scores, stay in touch with family, and stream movies while at sea.
The network was a blatant breach of Navy regulations, and the chiefs involved went to great lengths to hide their actions. They forged documents and misled their superiors, claiming the network was only active when the ship was in port, where security concerns were deemed lower.
Risks and Repercussions
Installing the Starlink system posed serious security risks, particularly as the USS Manchester was preparing for deployments in the West Pacific, a region with significant concerns about Chinese surveillance and hacking. Despite the risks, the chiefs involved did not prioritize operational security. They retained the Starlink system’s default name, “STINKY,” which led to suspicions among the crew.
To extend the network’s reach, the crew bought signal repeaters and cables during a stop in Pearl Harbor. When questions arose from fellow sailors, Marrero took evasive action, including changing the network’s name to something resembling a wireless printer and removing inquiries about the network from the ship’s suggestion box.
The scheme eventually unraveled on August 18 when a civilian worker from the Naval Information Warfare Center discovered the unauthorized Starlink device while installing a legitimate SpaceX “Starshield” device. This led to a comprehensive Navy investigation, which uncovered the full extent of the conspiracy.
The investigation revealed that at least 15 chiefs were involved in the operation, which was described as a “criminal conspiracy.” They had spent $2,800 on the Starlink system and used it for several months before being caught. Some chiefs even submitted falsified reports to suggest the system was only used in port.
Consequences and Court-Martial
The Navy responded sternly to this breach of protocol. All involved chiefs faced administrative punishment at a commodore’s mast, a type of nonjudicial proceeding. Marrero, the primary figure in the operation, was removed from her position and faced a court-martial in the spring of 2024, where she pled guilty to the charges.
This case underscores the serious consequences of ignoring military protocols, particularly in cybersecurity. The unauthorized Starlink setup compromised both the ship’s security and the trust among the crew. It highlights the critical need to adhere to established IT and cybersecurity protocols to protect sensitive operations.
Broader Lessons on IT Policy
The USS Manchester incident serves as a stark reminder of the pitfalls of bypassing IT regulations. It mirrors the 2015 embassy incident, where a diplomat’s disregard for IT rules led to a significant security breach. These situations illustrate the dangers of attempting to circumvent rigid IT policies, even when driven by a desire for better connectivity.
In both cases, the individuals involved underestimated the risks and believed they could avoid detection. The outcome was severe disciplinary actions and damaged reputations, emphasizing that unauthorized IT solutions, no matter how appealing, can lead to serious consequences.
Interestingly, the network name “STINKY” used by the USS Manchester chiefs may not have been entirely their creation. Reports suggest that Starlink’s default SSID was once “STINKY,” as confirmed by Elon Musk. This oversight only compounded the chiefs’ mistakes, as the unusual network name drew unwanted attention from other sailors.