lol based on the audio quality you can totally tell he’s got a portable microphone and is totally recording this from his parents spare bedroom he’s visiting for the holidays.
If you watched through to the end, you’d have seen the Nebula ad where he talks about Jet Lag The Game. If you watched Jet Lag The Game (which you should), you’d have seen him talking about recording and posting RUclips videos while traveling.
I want to see Jet Lag: The Game played by African and Asian nationals, it’d be a whole different experience as each episode may end with a contestant being placed on a watch list. It wouldn’t work for Crime Spree, because they’d just get arrested or shot halfway through the first episode.
My guess as to why the details of SCIFs are not classified: 1) The government is extremely confident this information can't be used in a successful breach. Think of what it would take to breach an SCIF. My guess is, if you have the knowledge, willingness, and ability to actually break into this facility, chances are you're a foreign nation at war with us. 2) It gives outside researchers the ability to find flaws that the DoD's own security researchers don't see.
SCIFs are only as secure as the people in them. My dad used to use SCIFs to brief congressmen, and what do you know, hours after the briefing the info would be in the news (if the info was sufficiently juicy). So anyone who wants the info in a SCIF will go through the people who were in it, rather than the arduous task of compromising it some other way.
Passwords that are complex, multi character, at least 16 characters long, like this one I just autogenerated: 1RA9P9x1#rt*6N4v, is nearly impossible for computers to crack, if all of your passwords were like that and you never wrote them down anywhere. Security protocols, when observed, are also highly effective at actually preventing espionage or leakage of information. The trouble with most security systems is the human element of them and our propensity for laziness or cheapness, often both simultaneously.
I feel old. I was a Yeoman in the navy in the early 90's and everything confidential and secret were sent registered mail and we had to use double envelopes and seal them with thick tape.
We had a SCIF on our compound and the amount of security was crazy. It was behind 3 layers of armed dudes. The main gate, the gate onto our compound and then surrounded by T walls.
When I woke up today, I had no idea that I'd be reminded of so many hours explaining to lieutenants that their thumb drive no longer really belonged to them after they used it to upload a briefing they were supposed to type and email.
@@thestateofalaska When they commissioned? If only they were so lucky. They'll do the module so much that it's just muscle memory. They'll have recurring nightmares about seeing their phone being stolen in an empty cafe, but being unable to stand up, because they know "He" is right behind them. Watching them. Scoring them. Judging them.
2:58 This is not quite accurate. Only items with non-volatile (storage) memory can inherit classification if plugged into a classified information system. Things like dumb USB mice, analog headphones, cables, etc. are unable to store data after being unplugged and therefore do not inherit this classification. Your rock does not have volatile or non-volatile memory and therefore would not become classified. Edit: Also, during the classification process, a "declassify by " needs to be specified on the media so there is no burden to protect the classification "forever" Edit 2: Didn't expect this comment to blow up. For people who are interested, equipment manufactures publish a Certificate of Volatility which guarantees/proves any data written to the device cannot be stored after it is powered off. Equipment with this certificate can be plugged into a classified IS with no issues.
It is also worth mentioning that the government usually provides its own periphials for these things incase someone does try to plug in any items that can store data. It would not suprise me if they confiscate any object, even things that should be unable to store data, that get plugged into these networks under the assumption that they may have been modified to store data. Just speculation on my part though.
@@josephjones4293 I work for a defense contractor and we typically make sets of systems where all items in a set have a matching serial number associated with that set. Typically, if a whole system goes under control then the peripherals would similarly stay with the set and be kept in the safe just for logistics. If the item (headset) was USB and stored equalizer presets or something then yes it would need to be under control, but if we're talking about dumb 3.5mm analog headphones then there is no requirement to classify it - it is likely just "secret" to stay with the other hardware
I once did some networking work in a building that had SIPRNET. We didn't touch it as we were only working on a less secure network. But the security around it was pretty cool. The cables were run through conduit that had lower air pressure inside so that if someone tried to tap into a cable in the middle it would detect the change in pressure and set off alarms.
I'd like to point out that the original military cipher was not actually a cipher, but instead a code, as codes are words represented in an obfuscated form, while ciphers are letters represented in an obfuscated form. Both of them can be referred to as encryption.
I assume the reason the SCIF's specification is freely available is because. A. It requires contractors to build, and not all contractors can be trusted with Confidential information. B. It allows other world governments to find and fix security faults and also proves these facilities are legit. Considering "Security through obscurity" is considered bad practice. C. I can't think of a way to complete the rule of thirds. I guess it is just good for some non-governmental organizations. Same reason why GPS was made public.
I don't think the US wants to help other governments build more secure facilities. Easier job for the CIA if there are known flaws in FSB data centers. Also it would only be better, not worse, to only give contractors the spec, as publicizing it exposes it to a greater superset of people and poses risk that is not less than if only contractors got it.
Regarding the 'Security through obscurity'-bit: Whilst it's a bad idea as a primary defence, it can work just fine as a generic surface level thing. The actual defences obviously still have to come afterwards. Obscurity won't ever work against people who are actively looking, but you can compare it to parking your bicycle in the shed, versus leaving it out front. Fewer people actively thinking/coming across something, means fewer people who may fiddle with it/steal it, 'just because they felt like it'. A bit like the 'out of sight, out of mind'-principle, in that regard. Kinda like having a Generic Unlabelled Office Building #52644-A, instead of a super fancy one, with a "TOP SECRET FBI HEADQUARTERS - NO PEEKING"-sign out front.
It’s likely to be the same reason no digital security encryption algorithm is to be considered secure if it’s closed source. The best way to make anything secure is have the world try and break it and tell you when they do!
@@Alighierian No, security through obscurity is almost never a good idea. That's why all of the government cryptographic algorithms are completely 100% public. Why? Because it's far better for millions of people to scrutinize the algorithms for flaws, instead of just a handful of experts. The same is true for basically any security system: more people examining the system means they are more likely to find (and fix) the flaws. This is a well known phenomenon. Your examples are about protecting a specific physical item, not about protecting information (which is a completely different thing). Information works completely different than the physical world, you cannot use physical analogies for it.
I was given a tour of a DOJ SCIF in the late 90's and here is what I remember. The door had a combination lock that randomized the number layout after each turn of the dial. All the computers had removeable hard drives that were kept in a safe within the SCIF. Also, the surrounding walls, floor and ceiling did form a faraday cage.
Now of days they just give you a badge and you have your own pasecode with it. The badge will determine what buildings you're allowed into and you just scan you badge and type in your pass code
@@cameronrobertson640The numbers do still randomize after each key press though, according to someone I know that worked for one of the contractors that builds SCIFs and the systems that go with them.
Randomized number pad layouts are still a thing that the security team can set, such as for the room alarm that classified work spaces often have once past the door locks.
Quick correction about packet switching. It doesn't actually necessarily send packets across different paths, it just sends a packet on a free path so let's say the time one packet reached the next node, one packet has been sent then the 3rd packet could be sent on the same path as the first one.
This is the first time I have ever heard someone actually spell those out like that... It's always just skiff and Jay wicks. It was jarring to hear. HAI normally does good research, but it's pretty clear they didn't talk to someone who really uses this stuff and just summarized some articles online about it.
@@neillthornton1149 to be fair, it'd be hard to find someone to talk to that works in one that'd tell you much anyway. My work has a SCIF but I don't have access to it and if you don't work there you have no idea what goes on
@@Mindcrackings I mean, even things people would gladly talk your ear off about they don't ask... The grammar in the toki pona video was painfully bad.
@@Mindcrackings there are plenty of people, myself included, who have deep technical knowledge in this world and would be glad to talk to people about things like this. You can talk about it without revealing anything that's classified.
Don’t forget the flashing purple lights to let people know if there are visitors so they don’t accidentally talk about something they’re not supposed to
You could have also mentioned a few additional SCIF features, which applies to facilities located in the U.S.: o. Man Traps (that is what they call them.) Man traps are barriers that begin just above ceiling, and extend all the way up to the underside of the roof. In the horizontal, they run along the entire perimeter of the SCIF. The barriers are sometimes a solid wall, but are more often a steel grid; picture chain link fencing, but with much heavier material, and a tighter open space pattern. Sometimes the man trap material will also be embedded within the walls, ceiling, and floors. The purpose of this feature is pretty much contained in the name; you don't want outsiders dropping into your secure room from ceiling. o. Shielding. You talked about wall construction, and it should be mentioned that the entire room is shielded to prevent the escape of electromagnetic signals. This means that the walls and ceiling have a continuous surface of copper, or some other conductive material, which is usually a fine mesh, rather than solid material. The floor of the SCIF is usually elevated to allow the shielding material to run under the floor without interruption. In this case, the door is approached from outside by a small ramp. There is only one door, which is shielded in the same manner as the walls, except that there are a great number of flat "fingers" made from a conductive material that can be heat treated to have a spring temper, such as beryllium copper. These fingers run along all 4 edges of the door, and are connected electrically to the shielding inside the door. The door opening has a continuous piece of rubberized conductive material that is connected electrically with the wall shielding; picture the rubber around your refrigerator door, but with a wrapping of fine metal mesh. When the door is closed, the fingers on the door press up against the flexible material, thereby making the door a part of the wall, electrically. Access to the SCIF is usually controlled by a cipher lock. Because of the shielding, cell phones do not work inside the SCIF. If you need to communicate with anyone outside the SCIF, there is a "red line" available; yes the phone is often red in color. This is because all electronic data inside the SCIF is separated into "red" and "black"; the black data is the secret stuff. If black data needs to leave the SCIF, the data will be encrypted, and the data cable will be run through a shielded and armored conduit, which must be certified to reject X number of minutes of chainsaw/grinder attack, as well as fire; at least that was a requirement for one of SCIFs that I worked in. The SCIF is usually a self contained room inside a larger building, but obviously, the outer facility's air conditioning vents cannot be allowed to penetrate the protected barrier of the SCIF, so it can get hot in there. Usually, the SCIF will have its own isolated air conditioner. o. One must hold some level of government issued security clearance before one can enter a SCIF. If you have read this far, you probably noticed that the customer specification requirements for a SCIF can vary, depending on "how secret" the project needs to be. Usually, these rooms for government projects; the government will flow their requirements down to the subcontractor, who will flow them down to sub-subcontracors, if any. I am no expert on this topic, and there are more considerations for secure rooms than what I have written here. I did not realize that I had written so much until I went back to proof-read it, so I hope that I have not inadvertently bored the hell out of anyone who read this.
I knew a guy who was working construction in a place with a SCIF room. Started to drill a hole in a wall into the man traps to run cable through, because nobody informed him he couldn't/shouldn't. Must have triggered something or somebody saw it. He and the guy who was helping him were questioned by some MPs for the next 5 to 6 hours while they I assume did a even more thorough background check than they had to do to get onto the base and get clearance to even work there. I always thought that story was hilarious because the guys who let them into the room next to the SCIF probably didn't mention it because the contractors had no need to know about it.
Wouldn't a air conditioner be considered a potential access point for siphoning information out of a SCIF since it would require a connection to outside the SCIF to move cooler air into the room? Any light you wish to share on that problem from a purely hypothetical point of view?
@@FlyingVolvomy assumption was that it’d just be one of those things that’s like an insulated box of ice water with a fan on top, not like a whole unit that gets put into the wall.
@@FlyingVolvoIf the airconditioning unit is located outside the SCIF, the air can be ducted in through a honeycomb waveguide vent. It's essentially a metallic vent with a ton of tiny holes (hence the honeycomb name). This minimizes the RF and sound leakage through the room. You'd also want some sort of non-conductive collar between the vent and the duct to prevent conduction of RF radiation.
Only the most amazing most presidential most beautiful secure documents are chosen to be stored at Mar-a-Pago, believe me folks, I’ve seen them and no one has documents like these, it’s really tremendous.
Because this is HAI, and pedantry is expected…we absolutely still distribute information on British warship movements. The difference now is that: 1. The British told us and 2. We are likely distributing the information to other British.
Not just that, but encrypted data and digital voice on HF are still widely used for military communications. Sure, SATCOM has gained a lot of use over the years, but HF will still (sometimes) get the job done if all else fails.
Worth pointing out that most government agencies have separate classification systems that are analogous to DoD but don’t directly correspond (e.g. Energy, Treasury, etc.). Often the systems are compatible enough to inter-connect but occasionally it creates other issues since security vs. resIliency often DO differ between agencies.
So, that's not really the case, or if there are any of these separate classification systems, they are few and far between. The entirety of the U.S. Intelligence Community (to include the Dept of Energy's Office of Intelligence & Counterintelligence and the Dept of Treasury's Office of Intelligence & Analysis) utilize the same classification system as DoD.
Fun fact due to the way that congressional laws trump executive orders, the DOE's classification system tends to override any other agency's when there's a conflict in the rules. One way this is evident is that the president, as commander in chief, can unilaterally declassify anything he wants anytime he wants EXCEPT if it has to do with nuclear secrets under the auspices of the DOE (see trump being an idiot). Another funny consequence is that US marshals are legally empowered to pursue and arrest people with federal warrants anywhere in the universe...except in nuclear power plants which are under sole jurisdiction of the DOE.
The only thing that I can bring to mind are designations for controlling the dissemination of Unclassified documents (i.e. For Official Use Only (FOUO)). This information is still Unclass, so if some legal process requested that information (like a FOIA request), there'd be no barrier to obtaining it, but its stuff the agency would rather its employees not post on social media. Previously, each agency had its own systems for how to label and treat this kind of information, but it caused confusion when sharing information between agencies. This practice has been standardized through the Controlled Unclassified Information (CUI) specification, as mandated by EO13556. All Executive agencies are required to use the same standards for data Classification, as outlined in EO12356.
Classifications are the same, but the networks that each bureau/agency uses to process that level may or may not allow for specific traffic depending on policies and how well the firewalls in between are built. For example a DoD SIPRNet user might be able to send email to the equivalent at State or Justice, but even with a fully built site account they might have to log into a Secret-level State/Justice workstation to get into the online sites in those networks because of blockages for DoD SIPR or outside the State/Justice Secret network altogether.
Always get a kick remembering someone from my shop was browsing FB on a SIPRNET approved computer when on a training exercise. Good times were had by all except him.
Technically the public internet is packet switched as well. It's just that with the consolidation of backhaul providers, more stable connections, and modern routing logic, not to mention lack of redundant connections for most people, it's unlikely that your packets will go different routes. But they *could.*
@@GeoffCostanza Reminds me of when soldiers leaked classified tank data to War Thunder in order to prove that War Thunder's tanks are inaccurate... this happened 3 times.
Not really, most of the data you're going to hear is Unclassified, just generally only used for official purposes. So you're not generally going to hear people talking about it, but the data is out there a lot of the time if you want to find it. That being said people who work in these areas are generally nerdy internet dwellers, and as a result, often like these types of videos, and get curious what other people think. Hence as you can imagine, the comment section is filled with loads of people who work in SCIF's.
@@OtKH00 if you have that many people working in SCIFs, then nothing is really classified other than what is contained in such conversations... tho I wonder are there lots of "sexual relations" going on in these facilities, presuming the SCIFs are not too guarded as one might have thought... it's basically leak proof, but probably not sweat proof from what I heard in this comment section... (and the thereafter consequence of one...
Great video. Accurate enough. I used to be a JWICS admin and worked in a SCIF for 5 years. Depending on the compartment, you could even essentially have a SCIF within a SCIF.
Yup, I was read in to a SAP and it required a space that was accessible only by those that had same read-in and knowledge of the combination lock. Regular cleared had no access
SCIFs are such a widely varied thing. They get built for whatever specific purpose they need to serve. Some are simply one room with a secret phone and PC. Some are massive and are basically the entire building, with multiple additional SCIFs within it.
I signed up for curiosity stream / nebula with your link !!!! I LOVE IT !!!!! Thanks for the amazing content, keep it up and have a fantastic start to 2023!
Next video you can go even deeper and talk about the various CENTRIX systems. They are basically SIPRNET systems, but run between the U.S. a various foreign countries. There are also multiple SIPRNET systems operating within the U.S.; local ones dealing with classified information pertaining to a specific region or base and the "global" SIPRNET.
Holy Crap so my mom was a secret agent when I grew up? She liked hanging clothes outside in the air because she thought it was better than a dryer Think of all the messages she had outside that our neighborhood could have cracked!
That might be why your neighbor visited your mom so often after making laundry whenever dad was not around, and then there seemed to be even more laundry after that.
That's all government crypto is really, just maintaining a very specifically configured VPN with tracked sets of (nowadays file downloaded) keys. Running on aluminum _bricks_ that are often 10~20 years old.
The entire INTERNET, World Wide Web included, uses packet switching. That's the basis of the Internet Protocol (developed under a DOD contract in the mid '60s to make nuclear war survivable.)
Note that the 736 word dictionary was not a "cipher" -- which can be cracked -- but a "code", which is essentially impossible to crack without stealing the dictionary.
That would be quite wrong. Assuming the code was never or infrequently updated, it would still be subject to frequency analysis and known plaintext attacks. As it was hundreds of years ago and on physical media, it was probably reasonably secure against that. However, it isn't anywhere near impossible. It simply would have required secretly intercepting and copying coded texts, and if the attacker could inject known text into the system, it would speed up the attack.
@@tiktokjourney8472 That is breaking the *use* of the code, which is a couple of extra layers on top of the code proper. My understanding is that it's 3 or 4 orders of magnitude harder to crack a code than a cipher, and goes up from there if the people using it are doing it correctly. At the very least, it's a big enough difference to warrant my commenting on it, even if you feel I've overstated the case.
@@baylinkdashyt not really. A codebook isn't "hard to crack". It is simply a substitution cipher with fewer characters to analyze. It is mainly about obfuscation and brevity. It probably would have been harder to break at the time as it would have been difficult to gather enough cipher text for frequency analysis. The easier method would be a known plaintext attack, but that is difficult in ensuring your desired text is sent AND that you intercept it once encoded. That is probably the biggest difference between encryption prior to WWI and after. Prior to WWI, nothing was transmitted by radio waves, and rarely by telephone or telegram. You had to physically intercept the message which almost always alerted your opponent you had done so. Once radio became a primary method of communication, then you had to assume your opponent could intercept all your communications so it was much more important to design more robust ciphers. I believe someone mentioned Enigma. Engima was very advanced for its time, and its greatest weakness was operator error. Meanwhile, the US Navy had learned the value of padding at the beginning and ending of messages and thus you get "The world wonders".
Big fan of this channel and I know this is a totally random, barely related comment, but I knew the guy with glasses in the stock footage at 1:36. Joe DeCola was an absolutely fascinating man with a huge heart and an even huger laugh. He passed away in 2022 and is missed by so many people. It made me really emotional to see him so unexpectedly here.
Regarding Sipernet, I know from experience that if you plug in a memory stick into a computer on the network, and then plug it into your personal laptop, your laptop is now secret also. My coworker had personal pics on his laptop that he wanted to be the home screen on his government laptop. So without thinking he put them on his USB drive and downloaded them on his government laptop. He then continued to use the same device on his personal laptop. So without knowing it, he made his memory stick and personal laptop classified secret. So now his laptop had to be kept in a secure location (we were on a submarine on deployment. Every inch is secret until we pull into port, in which case he would need to lock it in a safe). He could no longer connect to the internet or download things off his laptop. I don’t remember what the resolution was. I think they had to wipe everything. Just like they wiped away his rank as a result.
As an architect, that wall construction for the rooms is not actually that acoustically separated. You’d find better acoustic separation between two condos.
Maybe that's why the material is public. So everyone things these are the specifications while the room is actually made with even better techniques. ;D
@@sarmion4382 It is not the materials per se that make the room secure. Attached to the wireframe is a high frequency shaker that constantly changes it frequencies. This makes it near impossible to listen in a conversation. It's also like a speaker that it dubbing the sound with random other words. Why words, because words have patterns and if you would just replace it by white noise, you can still looks for patterns in the noise. From what the contractor told me, if you would try to listen in, it's like a hundred different conversations are taken in the room. For windows they have a similar device that alters the frequency at which the lights are reflected. The reason why the specifications are available is so this SCIF's can be build by any contracted. Once a SCIF is completed, a certification process is required. Only when the SCIF passes that certification, a secure terminal is installed. Also the document in this video is only the abstract base specification. Many department have addendums to these specifications, some are public, others require a signed NDA. Most of these 'secure' specifications have visible and non-visible ways to find out who leaked a document. Leaking these documents is a very serious crime which starts with revoking your security clearance. For many people this means they can no longer perform their job, and because many similar jobs are require your to have or are able to acquire a security clearance, it is very hard to find new employment. It is even worse if you are the owner of company, because the credentials of the company are also revoked. Your behavior is at least investigated by the DHS and serious charges can be filed against you and usually handled by a FISA court. p.s. I'm on a secure network for a different department than the DOD.
I think my favorite method was Cardan Grille or Mask Letters which the British used and the Americans didn't crack. A letter is written that contains two messages with the intended one only revealed when a cutout paper mask, sent separately, is placed over the letter.
No one spells out the acronyms. They're pronounced SKIF and Jay Wicks. Classification criteria has a very specific definition and over classification is prohibited by law. The SCIF specs aren't classified for a couple of reasons: one, the information doesn't meet the standard; two, any construction worker or engineer would need a clearance for that level. It can take months to years to get all of it approved. Finally, classified information isn't just a clearance level. There are also compartments and releasabilities. You could have a TS, but you likely wouldn't be able to see anything because it's mostly segmented up into programs, which you need special clearances and access to.
It may seem ridiculous that all media plugged in to SIPR devices must be classified (i.e. a USB rock), but it’s vital that only approved technology are allowed in closed spaces. One could imagine the consequences of connecting a computer mouse that had “additional functionality” unbeknownst to the user. Also I’m not sure if this is standard, but JWICS can be pronounced like “jay-wicks”
It makes sense, too. It might be worthwhile for some foreign intelligence agency to build a few thousand 'enhanced' mice, pack them up as legitimate merchandise, and reverse-shoplift them into office supply stores around Washington DC. For the project to pay off they'd only have to get lucky once...
I'm pretty sure I once worked on assiting one of these type of connections being installed. I wasn't told a lot but I was informed it was for some sort of secure internet connection for receiving data in regard to government contracts worked on by the company we were working in. As this video continues, I realize this must be exactly what it was for.
Am I the only person who feels like Sam's voice is heavily compressed, like I'm listening to him over shortwave, with a potato plugged into two tin cans?
I've used JWICS, I'm just an IT guy though so I have never been issued PKI's or the credentials needed to actually access the information on the network
This is the very high level overview of one layer of military communications networks and security. The really important related item is security clearances and the "need to know". There is a complex process to obtain a clearance. And, just because you have a clearance doesn't mean you have a need to know, or a need to obtain login credentials for one of the networks or the ability to gain access to any of the classified facilities that have such computers and networks in operation. And, let's not forget these facilities and networks have physical crypto hardware that has to be loaded with the crypto keys each with a security classification, distributed and tracked from a central facility, that have to be loaded, updated, and destroyed at prescribed times, including emergency re-keying when a device or key is compromised, all administered by career personnel whose job is to manage crypto keys. It's false to believe that some ex-government official that still has a clearance can someone access classified material. They retain their clearance for many reason, one of which is so that they would still be able to answer questions in an investigation that may arise about the classified material they once accessed or possibly mis-handled.
in my experience with the armed forces, any “minor” infraction you do pertaining SIPRNET system’s will immediately get you into UCMJ (Uniform Code of Military Justice) which is basically prison so yeah it was no joke
They decided not to use bricks because they didn't want those bricks accidently used in the border wall with Mexico. You know- the one that's totally, seriously, I promise any day now, going to get built. And paid for by the Mexicans too /sarcasm and also Smh
The Australian Military had a courier system for transferring classified documents by hand from place to place and person to person. For many years I was one of these couriers.
The USB rock thing is incorrect, the device cannot have volatile storage. In fact I KVM between all three systems with the same mouse, keyboard and monitor every day.
@@iammaxhailme it’s literally a pass through via usb. Most peripherals (non-volatile storage) are authorized to be plugged directly into the computer/VDI & are swap-able from machine to machine. Unless you’re in a SAP-F (a more secure SCIF)..then every piece of equipment is destroyed as soon as it is removed from the space. Wireless mice are allowed on NIPR and SIPR outside of a SCIF. Wireless keyboards are never allowed. Local policies do shift a little with restrictions.
@@justincalvarez A SNCO actually used a RGB keyboard in the SCIF (it had volatile storage for color settings) and the security manager just about had a stroke. It was a source of a lot of workplace drama, the keyboard had to be destroyed
@@annai157 really no reason not to. A huge chunk of jobs in the military require at least a Secret, and every single commissioned officer is required to have a Secret. Most people get a clearance but never have a need to look at classified info, it's just required to have the clearance to have that MOS. Even just generic MP required I get a Secret.
@@RanCham727 I agree that many, many people have them. But I've also seen many, many people lie about having one, in order to impress. Sadly "stolen valor" is a rather common phenomenon.
@HaI I'm 25N, sipr nipr is my bread & butter. You missed the perfect oppurtunity to delve into the satelite network system that carries said classified information, Skynet. (yes the same network system name as in Terminator)
It may very well be. That hasn't been discussed in any of the news stories which are all written by people who have no clue about SCIF's, clearances, or the need to know. A facility could be as small as a single GSA approved safe for a particular classification.
This is a good question actually. It is an established fact that Donald trump had a SCIF installed at mar a lago because he would go there all the time. I’m not sure if that data was seized from the SCIF at mar a lago. If it was then Donald trump would be less likely to be charged. If it wasn’t stored in a SCIF then Donald trump should definitely be charged and convicted with mishandling classified information.
@@damm41 Considering that Hillary wasn't charged or convicted despite her absurd mishandling of classified information (as proven by the e-mail leaks), I doubt anything will happen to Trump either.
@@damm41 Not if he declassified it. The entire classification/declassification process is directed by Executive Order. However, the EO doesn't apply to the President or VP, just everyone else in the government/military. The President and VP can each declassify at will. So, his process is whatever he says it is. If he says he declassified it, that was his process. PERIOD.
I've been in the Army for nearly a decade now. We absolutely have not updated our methods for transmitting military secrets. We may have _changed_ the methods, but they aren't exactly _updated_
I love how "computer code" being shown on videos like these are 90% of the time HTML, which isn't even a Turing-complete programming language (i.e., you can't do stuff you can do on other programming languages). It's one of the few languages you can't hack with.
@@tom4794 thanks tom, i found the email. I went to curiosity stream accounts and saw nebula was on premium so i thought that was the issue. Thanks again
@@PrograError just now seeing this. Some portable media devices are approved but they have to be quarantined and thoroughly checked for two weeks before being allowed into the plant
I wanted to take advantage of your nebula deal, but credit cards arent as common in my country as they may be in the usa. A paypal option would be great
What is the reason for not classifying the SCIF requirements? The definition of what is classified. "Secret classification shall be whether its unauthorized disclosure could reasonably be expected to cause serious damage to the national security." disclosing the room requirements does not cause damage to US national security.
We replaced the BAS (building automation system) in a Canadian Naval School/office and a couple of offices where lent to the US Navy. When we had to work in there, they had cleaned their office of pretty much everything inside it and every single one of us had a nice little US Navy guy (sailor ?) watching everything we were doing.
@@buddyclem7328 It's upsetting that some people still insist that gif is pronounced with a J. I mean it's an abbreviation for "Graphics interface format." Graphics. G. Graphics. Guh guh graphics Are all of those J pronunciation people trolling?
lol based on the audio quality you can totally tell he’s got a portable microphone and is totally recording this from his parents spare bedroom he’s visiting for the holidays.
Naah, while he is doing jet lag or smth
He’s probably filming jet lag too
If you watched through to the end, you’d have seen the Nebula ad where he talks about Jet Lag The Game. If you watched Jet Lag The Game (which you should), you’d have seen him talking about recording and posting RUclips videos while traveling.
I want to see Jet Lag: The Game played by African and Asian nationals, it’d be a whole different experience as each episode may end with a contestant being placed on a watch list.
It wouldn’t work for Crime Spree, because they’d just get arrested or shot halfway through the first episode.
okay so it’s not just me who noticed lol 😅
My guess as to why the details of SCIFs are not classified:
1) The government is extremely confident this information can't be used in a successful breach. Think of what it would take to breach an SCIF. My guess is, if you have the knowledge, willingness, and ability to actually break into this facility, chances are you're a foreign nation at war with us.
2) It gives outside researchers the ability to find flaws that the DoD's own security researchers don't see.
SCIFs are only as secure as the people in them. My dad used to use SCIFs to brief congressmen, and what do you know, hours after the briefing the info would be in the news (if the info was sufficiently juicy). So anyone who wants the info in a SCIF will go through the people who were in it, rather than the arduous task of compromising it some other way.
The biggest threat is always the people trusted to be there in the first place.
you can make a scif all you want. but until is certified it's useless. you won't be getting any data anyway.
Good points, I would add that it would also make sense to mislead a little. Hopefully you understand what I mean.
Passwords that are complex, multi character, at least 16 characters long, like this one I just autogenerated: 1RA9P9x1#rt*6N4v, is nearly impossible for computers to crack, if all of your passwords were like that and you never wrote them down anywhere.
Security protocols, when observed, are also highly effective at actually preventing espionage or leakage of information. The trouble with most security systems is the human element of them and our propensity for laziness or cheapness, often both simultaneously.
I feel old. I was a Yeoman in the navy in the early 90's and everything confidential and secret were sent registered mail and we had to use double envelopes and seal them with thick tape.
It still can be sent via the mail.
@@Patriot-bn9om I guess officially the USPS is deemed trustworthy but the new Russian immigrant mailman might not be as trustworthy as on paper...
10 years ago we were sill fedex-ing secret HDDs
As I understand, it's still OK to registered mail SECRET things if you want to.
Sent a small secret key by USPS and send documents of the parcel with it on a separate package.
We had a SCIF on our compound and the amount of security was crazy. It was behind 3 layers of armed dudes. The main gate, the gate onto our compound and then surrounded by T walls.
all you need to get in is a clipboard, a clean high visibility vest and a pen.
@@sirBrouwer I'm afraid it's not that simple. Might work in construction sites, not for this type of place.
BAF?
@@ArtemisFowl01 okay just add a keycard with your library card on it.
@@sirBrouwer Still not that easy.
When I woke up today, I had no idea that I'd be reminded of so many hours explaining to lieutenants that their thumb drive no longer really belonged to them after they used it to upload a briefing they were supposed to type and email.
You mean the 20 minute CBT they did when they commissioned didn't stick with them?? Impossible!
"With all due respect, uhh, SIR..."
People
We put tape over the USB ports for a reason
@@thestateofalaska When they commissioned? If only they were so lucky. They'll do the module so much that it's just muscle memory. They'll have recurring nightmares about seeing their phone being stolen in an empty cafe, but being unable to stand up, because they know "He" is right behind them. Watching them. Scoring them. Judging them.
2:58 This is not quite accurate. Only items with non-volatile (storage) memory can inherit classification if plugged into a classified information system. Things like dumb USB mice, analog headphones, cables, etc. are unable to store data after being unplugged and therefore do not inherit this classification. Your rock does not have volatile or non-volatile memory and therefore would not become classified.
Edit: Also, during the classification process, a "declassify by " needs to be specified on the media so there is no burden to protect the classification "forever"
Edit 2: Didn't expect this comment to blow up. For people who are interested, equipment manufactures publish a Certificate of Volatility which guarantees/proves any data written to the device cannot be stored after it is powered off. Equipment with this certificate can be plugged into a classified IS with no issues.
It is also worth mentioning that the government usually provides its own periphials for these things incase someone does try to plug in any items that can store data. It would not suprise me if they confiscate any object, even things that should be unable to store data, that get plugged into these networks under the assumption that they may have been modified to store data. Just speculation on my part though.
Chinese spies will start selling suspiciously cheap USB mice on Amazon in about 3 hours.
When i served in the army, i definitely had a classified headset for use in classified meeting roomz that was kept in a safe…
@Santa Claus 🌲 spam, nobody wants to watch this
@@josephjones4293 I work for a defense contractor and we typically make sets of systems where all items in a set have a matching serial number associated with that set. Typically, if a whole system goes under control then the peripherals would similarly stay with the set and be kept in the safe just for logistics. If the item (headset) was USB and stored equalizer presets or something then yes it would need to be under control, but if we're talking about dumb 3.5mm analog headphones then there is no requirement to classify it - it is likely just "secret" to stay with the other hardware
I once did some networking work in a building that had SIPRNET. We didn't touch it as we were only working on a less secure network. But the security around it was pretty cool. The cables were run through conduit that had lower air pressure inside so that if someone tried to tap into a cable in the middle it would detect the change in pressure and set off alarms.
Imagine someone really fat went into the room, changed the pressure of the room, and set off alarms
@@someasiandude4797 what?
@@richardmillhousenixon you heard him.
@@someasiandude4797😂😂tf
SIPR is baby level secret coms.
I'd like to point out that the original military cipher was not actually a cipher, but instead a code, as codes are words represented in an obfuscated form, while ciphers are letters represented in an obfuscated form. Both of them can be referred to as encryption.
just like the Enigma Machine.
"and hail ... bloody hilter" ~ Alan Turing, The Imitation Game
I assume the reason the SCIF's specification is freely available is because.
A. It requires contractors to build, and not all contractors can be trusted with Confidential information.
B. It allows other world governments to find and fix security faults and also proves these facilities are legit. Considering "Security through obscurity" is considered bad practice.
C. I can't think of a way to complete the rule of thirds. I guess it is just good for some non-governmental organizations. Same reason why GPS was made public.
I don't think the US wants to help other governments build more secure facilities. Easier job for the CIA if there are known flaws in FSB data centers. Also it would only be better, not worse, to only give contractors the spec, as publicizing it exposes it to a greater superset of people and poses risk that is not less than if only contractors got it.
Regarding the 'Security through obscurity'-bit:
Whilst it's a bad idea as a primary defence, it can work just fine as a generic surface level thing.
The actual defences obviously still have to come afterwards.
Obscurity won't ever work against people who are actively looking, but you can compare it to parking your bicycle in the shed, versus leaving it out front.
Fewer people actively thinking/coming across something, means fewer people who may fiddle with it/steal it, 'just because they felt like it'.
A bit like the 'out of sight, out of mind'-principle, in that regard.
Kinda like having a Generic Unlabelled Office Building #52644-A, instead of a super fancy one, with a "TOP SECRET FBI HEADQUARTERS - NO PEEKING"-sign out front.
It’s likely to be the same reason no digital security encryption algorithm is to be considered secure if it’s closed source.
The best way to make anything secure is have the world try and break it and tell you when they do!
It's nothing special. It's a faraday cage with sound damping :s
@@Alighierian No, security through obscurity is almost never a good idea. That's why all of the government cryptographic algorithms are completely 100% public. Why? Because it's far better for millions of people to scrutinize the algorithms for flaws, instead of just a handful of experts. The same is true for basically any security system: more people examining the system means they are more likely to find (and fix) the flaws. This is a well known phenomenon. Your examples are about protecting a specific physical item, not about protecting information (which is a completely different thing). Information works completely different than the physical world, you cannot use physical analogies for it.
Audio is amazing as per usual! Keep up the good work guys
I was given a tour of a DOJ SCIF in the late 90's and here is what I remember. The door had a combination lock that randomized the number layout after each turn of the dial. All the computers had removeable hard drives that were kept in a safe within the SCIF. Also, the surrounding walls, floor and ceiling did form a faraday cage.
Now of days they just give you a badge and you have your own pasecode with it. The badge will determine what buildings you're allowed into and you just scan you badge and type in your pass code
@@cameronrobertson640The numbers do still randomize after each key press though, according to someone I know that worked for one of the contractors that builds SCIFs and the systems that go with them.
Randomized number pad layouts are still a thing that the security team can set, such as for the room alarm that classified work spaces often have once past the door locks.
Quick correction about packet switching.
It doesn't actually necessarily send packets across different paths, it just sends a packet on a free path so let's say the time one packet reached the next node, one packet has been sent then the 3rd packet could be sent on the same path as the first one.
Just FYI people generally don't use the acronyms when referring to SCIFS and JWICS. It's said like "Skiff" and "Jay Wicks"
This is the first time I have ever heard someone actually spell those out like that... It's always just skiff and Jay wicks. It was jarring to hear. HAI normally does good research, but it's pretty clear they didn't talk to someone who really uses this stuff and just summarized some articles online about it.
@@neillthornton1149 to be fair, it'd be hard to find someone to talk to that works in one that'd tell you much anyway. My work has a SCIF but I don't have access to it and if you don't work there you have no idea what goes on
@@Mindcrackings I mean, even things people would gladly talk your ear off about they don't ask... The grammar in the toki pona video was painfully bad.
@@Mindcrackings there are plenty of people, myself included, who have deep technical knowledge in this world and would be glad to talk to people about things like this. You can talk about it without revealing anything that's classified.
@@Mindcrackings He'd just have to contact the nearest DoD public affairs office
Do you think the U.S. sends top secret bricks around the world too?
No way, they keep their bricks to themselves
They ain't sharin' no brick
@Correct the bot gained sentience
Of course but they’re made of gold
Yes with information etched in microsocpic pictographs with each brick only having a fraction of the full code it's called Brickdographics-7397.210
The bricks used to build the Pentagon are a closely-guarded government secret.
Don’t forget the flashing purple lights to let people know if there are visitors so they don’t accidentally talk about something they’re not supposed to
You could have also mentioned a few additional SCIF features, which applies to facilities located in the U.S.:
o. Man Traps (that is what they call them.) Man traps are barriers that begin just above ceiling, and extend all the way up to the underside of the roof. In the horizontal, they run along the entire perimeter of the SCIF. The barriers are sometimes a solid wall, but are more often a steel grid; picture chain link fencing, but with much heavier material, and a tighter open space pattern. Sometimes the man trap material will also be embedded within the walls, ceiling, and floors. The purpose of this feature is pretty much contained in the name; you don't want outsiders dropping into your secure room from ceiling.
o. Shielding. You talked about wall construction, and it should be mentioned that the entire room is shielded to prevent the escape of electromagnetic signals. This means that the walls and ceiling have a continuous surface of copper, or some other conductive material, which is usually a fine mesh, rather than solid material. The floor of the SCIF is usually elevated to allow the shielding material to run under the floor without interruption. In this case, the door is approached from outside by a small ramp.
There is only one door, which is shielded in the same manner as the walls, except that there are a great number of flat "fingers" made from a conductive material that can be heat treated to have a spring temper, such as beryllium copper. These fingers run along all 4 edges of the door, and are connected electrically to the shielding inside the door. The door opening has a continuous piece of rubberized conductive material that is connected electrically with the wall shielding; picture the rubber around your refrigerator door, but with a wrapping of fine metal mesh. When the door is closed, the fingers on the door press up against the flexible material, thereby making the door a part of the wall, electrically. Access to the SCIF is usually controlled by a cipher lock.
Because of the shielding, cell phones do not work inside the SCIF. If you need to communicate with anyone outside the SCIF, there is a "red line" available; yes the phone is often red in color. This is because all electronic data inside the SCIF is separated into "red" and "black"; the black data is the secret stuff. If black data needs to leave the SCIF, the data will be encrypted, and the data cable will be run through a shielded and armored conduit, which must be certified to reject X number of minutes of chainsaw/grinder attack, as well as fire; at least that was a requirement for one of SCIFs that I worked in.
The SCIF is usually a self contained room inside a larger building, but obviously, the outer facility's air conditioning vents cannot be allowed to penetrate the protected barrier of the SCIF, so it can get hot in there. Usually, the SCIF will have its own isolated air conditioner.
o. One must hold some level of government issued security clearance before one can enter a SCIF.
If you have read this far, you probably noticed that the customer specification requirements for a SCIF can vary, depending on "how secret" the project needs to be. Usually, these rooms for government projects; the government will flow their requirements down to the subcontractor, who will flow them down to sub-subcontracors, if any.
I am no expert on this topic, and there are more considerations for secure rooms than what I have written here.
I did not realize that I had written so much until I went back to proof-read it, so I hope that I have not inadvertently bored the hell out of anyone who read this.
Ah, but none of this will matter when I steal _the whole room_ with a helicopter!
I knew a guy who was working construction in a place with a SCIF room. Started to drill a hole in a wall into the man traps to run cable through, because nobody informed him he couldn't/shouldn't. Must have triggered something or somebody saw it. He and the guy who was helping him were questioned by some MPs for the next 5 to 6 hours while they I assume did a even more thorough background check than they had to do to get onto the base and get clearance to even work there. I always thought that story was hilarious because the guys who let them into the room next to the SCIF probably didn't mention it because the contractors had no need to know about it.
Wouldn't a air conditioner be considered a potential access point for siphoning information out of a SCIF since it would require a connection to outside the SCIF to move cooler air into the room? Any light you wish to share on that problem from a purely hypothetical point of view?
@@FlyingVolvomy assumption was that it’d just be one of those things that’s like an insulated box of ice water with a fan on top, not like a whole unit that gets put into the wall.
@@FlyingVolvoIf the airconditioning unit is located outside the SCIF, the air can be ducted in through a honeycomb waveguide vent. It's essentially a metallic vent with a ton of tiny holes (hence the honeycomb name). This minimizes the RF and sound leakage through the room. You'd also want some sort of non-conductive collar between the vent and the duct to prevent conduction of RF radiation.
This is great! And here I was thinking we stored these highly classified documents in the closet at Mar-a-Lago.
Only the most amazing most presidential most beautiful secure documents are chosen to be stored at Mar-a-Pago, believe me folks, I’ve seen them and no one has documents like these, it’s really tremendous.
It's criminal this comment only has 25 likes even if it has only been two days
Well played Maltava, well played.
Or Biden's garage.
...& Hilary knew what ??
Because this is HAI, and pedantry is expected…we absolutely still distribute information on British warship movements. The difference now is that: 1. The British told us and 2. We are likely distributing the information to other British.
They also use shortwave radio to send EMERGENCY ACTION MESSAGES to strategic military assets across the world!
Skyking
Wheedle - Wheedle - Wheedle... standby for SAC HQ msg....
@@PsRohrbaugh Do not answer. DO NOT ANSWER!
Not just that, but encrypted data and digital voice on HF are still widely used for military communications. Sure, SATCOM has gained a lot of use over the years, but HF will still (sometimes) get the job done if all else fails.
I thought that was just for small not as developed countries like Cuba and some Eastern European
Worth pointing out that most government agencies have separate classification systems that are analogous to DoD but don’t directly correspond (e.g. Energy, Treasury, etc.). Often the systems are compatible enough to inter-connect but occasionally it creates other issues since security vs. resIliency often DO differ between agencies.
So, that's not really the case, or if there are any of these separate classification systems, they are few and far between. The entirety of the U.S. Intelligence Community (to include the Dept of Energy's Office of Intelligence & Counterintelligence and the Dept of Treasury's Office of Intelligence & Analysis) utilize the same classification system as DoD.
Not separate classification systems, but single-site classified networks, with a limited number of terminals to access the broader SIPRNET or JWICS.
Fun fact due to the way that congressional laws trump executive orders, the DOE's classification system tends to override any other agency's when there's a conflict in the rules. One way this is evident is that the president, as commander in chief, can unilaterally declassify anything he wants anytime he wants EXCEPT if it has to do with nuclear secrets under the auspices of the DOE (see trump being an idiot). Another funny consequence is that US marshals are legally empowered to pursue and arrest people with federal warrants anywhere in the universe...except in nuclear power plants which are under sole jurisdiction of the DOE.
The only thing that I can bring to mind are designations for controlling the dissemination of Unclassified documents (i.e. For Official Use Only (FOUO)). This information is still Unclass, so if some legal process requested that information (like a FOIA request), there'd be no barrier to obtaining it, but its stuff the agency would rather its employees not post on social media. Previously, each agency had its own systems for how to label and treat this kind of information, but it caused confusion when sharing information between agencies. This practice has been standardized through the Controlled Unclassified Information (CUI) specification, as mandated by EO13556.
All Executive agencies are required to use the same standards for data Classification, as outlined in EO12356.
Classifications are the same, but the networks that each bureau/agency uses to process that level may or may not allow for specific traffic depending on policies and how well the firewalls in between are built. For example a DoD SIPRNet user might be able to send email to the equivalent at State or Justice, but even with a fully built site account they might have to log into a Secret-level State/Justice workstation to get into the online sites in those networks because of blockages for DoD SIPR or outside the State/Justice Secret network altogether.
Always get a kick remembering someone from my shop was browsing FB on a SIPRNET approved computer when on a training exercise. Good times were had by all except him.
Technically the public internet is packet switched as well. It's just that with the consolidation of backhaul providers, more stable connections, and modern routing logic, not to mention lack of redundant connections for most people, it's unlikely that your packets will go different routes. But they *could.*
I want a Wendover episode on something related to this. This was fascinating.
I love the fact that there are probably a lot of us officials closely inspecting this video to see if anything important was leaked or revealed
No need. Every PFC who ever worked in or near a SCIF is in the comments section, bragging about it by revealing everything they know.
@@GeoffCostanza Reminds me of when soldiers leaked classified tank data to War Thunder in order to prove that War Thunder's tanks are inaccurate... this happened 3 times.
Not really, most of the data you're going to hear is Unclassified, just generally only used for official purposes. So you're not generally going to hear people talking about it, but the data is out there a lot of the time if you want to find it. That being said people who work in these areas are generally nerdy internet dwellers, and as a result, often like these types of videos, and get curious what other people think. Hence as you can imagine, the comment section is filled with loads of people who work in SCIF's.
@@OtKH00 if you have that many people working in SCIFs, then nothing is really classified other than what is contained in such conversations...
tho I wonder are there lots of "sexual relations" going on in these facilities, presuming the SCIFs are not too guarded as one might have thought... it's basically leak proof, but probably not sweat proof from what I heard in this comment section... (and the thereafter consequence of one...
@@OtKH00 I feel attacked 😂
Great video. Accurate enough. I used to be a JWICS admin and worked in a SCIF for 5 years. Depending on the compartment, you could even essentially have a SCIF within a SCIF.
SCIFception. I'd watch.
Yup, I was read in to a SAP and it required a space that was accessible only by those that had same read-in and knowledge of the combination lock. Regular cleared had no access
SCIFs are such a widely varied thing. They get built for whatever specific purpose they need to serve. Some are simply one room with a secret phone and PC. Some are massive and are basically the entire building, with multiple additional SCIFs within it.
Interesting video, watched it twice. now it's once as interesting :)
There are also “CDS” (cross domain solutions). Allowing data to pass through different security domains (IE. secret, classified, or top secret).
radiant mercury is a good example
@@ghostnetworkNL many different examples. V3CDS, Radiant Mercury, TNE, Etc.
I signed up for curiosity stream / nebula with your link !!!! I LOVE IT !!!!! Thanks for the amazing content, keep it up and have a fantastic start to 2023!
Next video you can go even deeper and talk about the various CENTRIX systems. They are basically SIPRNET systems, but run between the U.S. a various foreign countries. There are also multiple SIPRNET systems operating within the U.S.; local ones dealing with classified information pertaining to a specific region or base and the "global" SIPRNET.
I had to scroll too far to find the name of the orange cable that I'd forgotten
well..at this point, it's just 3D chess of web of SIPRNET systems... each on a deeper level than last
INB4 we have the SHIELD system
I think the room specs aren’t classified because “build a soundproof box with white noise” is pretty much a given.
Holy Crap so my mom was a secret agent when I grew up? She liked hanging clothes outside in the air because she thought it was better than a dryer
Think of all the messages she had outside that our neighborhood could have cracked!
That might be why your neighbor visited your mom so often after making laundry whenever dad was not around, and then there seemed to be even more laundry after that.
Well, did she seem to be friends with men wearing powdered wigs?
@@clray123 Thats why Mr Rogers was always over eh?
@@vigilantcosmicpenguin8721 You give her too much credit. She wasn't hanging out with the high society gentleman lol
I thought Sam said you will either end up in prison or shocked, then on replay realised he said shot. Now it makes sense.
Enjoying the audio quality in this video
SIPR is actually connected to the greater WWW. Each LAN is just connected to each other by a VPN, a very good VPN.
It's called HAIPE.
That's all government crypto is really, just maintaining a very specifically configured VPN with tracked sets of (nowadays file downloaded) keys. Running on aluminum _bricks_ that are often 10~20 years old.
You're confusing the web with the Internet. They aren't the same thing. WWW is an application that rides the Internet.
The entire INTERNET, World Wide Web included, uses packet switching. That's the basis of the Internet Protocol (developed under a DOD contract in the mid '60s to make nuclear war survivable.)
Note that the 736 word dictionary was not a "cipher" -- which can be cracked -- but a "code", which is essentially impossible to crack without stealing the dictionary.
That would be quite wrong. Assuming the code was never or infrequently updated, it would still be subject to frequency analysis and known plaintext attacks. As it was hundreds of years ago and on physical media, it was probably reasonably secure against that. However, it isn't anywhere near impossible. It simply would have required secretly intercepting and copying coded texts, and if the attacker could inject known text into the system, it would speed up the attack.
@@tiktokjourney8472 That is breaking the *use* of the code, which is a couple of extra layers on top of the code proper.
My understanding is that it's 3 or 4 orders of magnitude harder to crack a code than a cipher, and goes up from there if the people using it are doing it correctly.
At the very least, it's a big enough difference to warrant my commenting on it, even if you feel I've overstated the case.
@@baylinkdashyt I assume it's jsut like decoding a foreign language, using what words are statistically more likely to appear.
@@baylinkdashyt not really. A codebook isn't "hard to crack". It is simply a substitution cipher with fewer characters to analyze. It is mainly about obfuscation and brevity. It probably would have been harder to break at the time as it would have been difficult to gather enough cipher text for frequency analysis. The easier method would be a known plaintext attack, but that is difficult in ensuring your desired text is sent AND that you intercept it once encoded.
That is probably the biggest difference between encryption prior to WWI and after. Prior to WWI, nothing was transmitted by radio waves, and rarely by telephone or telegram. You had to physically intercept the message which almost always alerted your opponent you had done so. Once radio became a primary method of communication, then you had to assume your opponent could intercept all your communications so it was much more important to design more robust ciphers.
I believe someone mentioned Enigma. Engima was very advanced for its time, and its greatest weakness was operator error. Meanwhile, the US Navy had learned the value of padding at the beginning and ending of messages and thus you get "The world wonders".
Big fan of this channel and I know this is a totally random, barely related comment, but I knew the guy with glasses in the stock footage at 1:36. Joe DeCola was an absolutely fascinating man with a huge heart and an even huger laugh. He passed away in 2022 and is missed by so many people. It made me really emotional to see him so unexpectedly here.
Was he an actor?
Regarding Sipernet, I know from experience that if you plug in a memory stick into a computer on the network, and then plug it into your personal laptop, your laptop is now secret also. My coworker had personal pics on his laptop that he wanted to be the home screen on his government laptop. So without thinking he put them on his USB drive and downloaded them on his government laptop. He then continued to use the same device on his personal laptop. So without knowing it, he made his memory stick and personal laptop classified secret. So now his laptop had to be kept in a secure location (we were on a submarine on deployment. Every inch is secret until we pull into port, in which case he would need to lock it in a safe). He could no longer connect to the internet or download things off his laptop. I don’t remember what the resolution was. I think they had to wipe everything. Just like they wiped away his rank as a result.
As an architect, that wall construction for the rooms is not actually that acoustically separated. You’d find better acoustic separation between two condos.
Maybe that's why the material is public. So everyone things these are the specifications while the room is actually made with even better techniques. ;D
@@sarmion4382 It is not the materials per se that make the room secure. Attached to the wireframe is a high frequency shaker that constantly changes it frequencies. This makes it near impossible to listen in a conversation. It's also like a speaker that it dubbing the sound with random other words. Why words, because words have patterns and if you would just replace it by white noise, you can still looks for patterns in the noise. From what the contractor told me, if you would try to listen in, it's like a hundred different conversations are taken in the room. For windows they have a similar device that alters the frequency at which the lights are reflected.
The reason why the specifications are available is so this SCIF's can be build by any contracted. Once a SCIF is completed, a certification process is required. Only when the SCIF passes that certification, a secure terminal is installed. Also the document in this video is only the abstract base specification. Many department have addendums to these specifications, some are public, others require a signed NDA. Most of these 'secure' specifications have visible and non-visible ways to find out who leaked a document. Leaking these documents is a very serious crime which starts with revoking your security clearance. For many people this means they can no longer perform their job, and because many similar jobs are require your to have or are able to acquire a security clearance, it is very hard to find new employment. It is even worse if you are the owner of company, because the credentials of the company are also revoked. Your behavior is at least investigated by the DHS and serious charges can be filed against you and usually handled by a FISA court.
p.s. I'm on a secure network for a different department than the DOD.
2:09 why I subbed ... f*ckin righteous !
I think my favorite method was Cardan Grille or Mask Letters which the British used and the Americans didn't crack. A letter is written that contains two messages with the intended one only revealed when a cutout paper mask, sent separately, is placed over the letter.
lemon letter also works.
0:27 technically speaking, doing that isn't even encryption, just encoding, which can be easily broken through something called frequency analysis.
No one spells out the acronyms. They're pronounced SKIF and Jay Wicks. Classification criteria has a very specific definition and over classification is prohibited by law. The SCIF specs aren't classified for a couple of reasons: one, the information doesn't meet the standard; two, any construction worker or engineer would need a clearance for that level. It can take months to years to get all of it approved. Finally, classified information isn't just a clearance level. There are also compartments and releasabilities. You could have a TS, but you likely wouldn't be able to see anything because it's mostly segmented up into programs, which you need special clearances and access to.
THIS! That drove me nuts and I'm surprised no one else mentioned it. I have NEVER heard JWICS spelled out.
@Daniel Curry it's like hearing nails on a chalkboard everytime
I swear half as interesting, wendover productions, and reallifelore are the same person
It may seem ridiculous that all media plugged in to SIPR devices must be classified (i.e. a USB rock), but it’s vital that only approved technology are allowed in closed spaces. One could imagine the consequences of connecting a computer mouse that had “additional functionality” unbeknownst to the user. Also I’m not sure if this is standard, but JWICS can be pronounced like “jay-wicks”
Jay-wicks is how all my intel friends say it
It makes sense, too. It might be worthwhile for some foreign intelligence agency to build a few thousand 'enhanced' mice, pack them up as legitimate merchandise, and reverse-shoplift them into office supply stores around Washington DC. For the project to pay off they'd only have to get lucky once...
To be honest I'm kinda disappointed there is no Nord VPN sponsorship in this one, it would've been the perfect fit for the video
I'm pretty sure I once worked on assiting one of these type of connections being installed. I wasn't told a lot but I was informed it was for some sort of secure internet connection for receiving data in regard to government contracts worked on by the company we were working in. As this video continues, I realize this must be exactly what it was for.
Am I the only person who feels like Sam's voice is heavily compressed, like I'm listening to him over shortwave, with a potato plugged into two tin cans?
Ohhh I thought it was just me, I recently changed hardware so I wasn't sure if my sound drivers were installed correctly. Thanks for saying this.
I've used both NIPRNET and SIPRNET with credentials on both. I've never touched JWICS though
Sure, "Ivan"
A lot of people in the US Military have used the systems before, so not that uncommon.
@@arkajitmaity5277 Yep that's my name, and Travis is correct about the reason
Hello this is China DM me please
I've used JWICS, I'm just an IT guy though so I have never been issued PKI's or the credentials needed to actually access the information on the network
This is the very high level overview of one layer of military communications networks and security. The really important related item is security clearances and the "need to know". There is a complex process to obtain a clearance. And, just because you have a clearance doesn't mean you have a need to know, or a need to obtain login credentials for one of the networks or the ability to gain access to any of the classified facilities that have such computers and networks in operation. And, let's not forget these facilities and networks have physical crypto hardware that has to be loaded with the crypto keys each with a security classification, distributed and tracked from a central facility, that have to be loaded, updated, and destroyed at prescribed times, including emergency re-keying when a device or key is compromised, all administered by career personnel whose job is to manage crypto keys. It's false to believe that some ex-government official that still has a clearance can someone access classified material. They retain their clearance for many reason, one of which is so that they would still be able to answer questions in an investigation that may arise about the classified material they once accessed or possibly mis-handled.
Sounds like a hassle. Easier to check some drawers in Mar-a-lago.
in my experience with the armed forces, any “minor” infraction you do pertaining SIPRNET system’s will immediately get you into UCMJ (Uniform Code of Military Justice) which is basically prison so yeah it was no joke
Why don't they just hide the information in bricks?
Good idea. That way, Sam will never talk about them again. Oh, wait. Maybe that's a bad idea.
They decided not to use bricks because they didn't want those bricks accidently used in the border wall with Mexico. You know- the one that's totally, seriously, I promise any day now, going to get built. And paid for by the Mexicans too
/sarcasm and also Smh
They do hide information in bricks. Kinda. It´s a weird way to create a dead drop. Not that safe, and they would normally use other techniques.
Would the book-sized aluminum-cased VPN encryptors count as bricks? They definitely feel and act like bricks sometimes.
The Australian Military had a courier system for transferring classified documents by hand from place to place and person to person.
For many years I was one of these couriers.
Is it true that Australia is run by a dingo who controls the prime minister?
@@4kChannel sometimes Australia has the Appearance of not being Run by anybody, so a Dingo might be an Improvement.
The USB rock thing is incorrect, the device cannot have volatile storage. In fact I KVM between all three systems with the same mouse, keyboard and monitor every day.
Except your peripherals are plugged into the KVM, not the SIPR/JWICS terminals
@@iammaxhailme it’s literally a pass through via usb. Most peripherals (non-volatile storage) are authorized to be plugged directly into the computer/VDI & are swap-able from machine to machine.
Unless you’re in a SAP-F (a more secure SCIF)..then every piece of equipment is destroyed as soon as it is removed from the space.
Wireless mice are allowed on NIPR and SIPR outside of a SCIF. Wireless keyboards are never allowed. Local policies do shift a little with restrictions.
@@justincalvarez A SNCO actually used a RGB keyboard in the SCIF (it had volatile storage for color settings) and the security manager just about had a stroke. It was a source of a lot of workplace drama, the keyboard had to be destroyed
@@davidwagenblast5717 lol I could see that happening. I wouldn’t use anything but GOVT equipment in any SCIF or SAP-F.
@@justincalvarez It was acquired from government sources actually, made in America and all that. Just wasn't meant for a SCIF
Scifs are just room-sized headaches, especially when building them
Me with popcorn noting how many people are outing themselves as having/had DoD security clearances.
And you *believe* them?
@@annai157 really no reason not to. A huge chunk of jobs in the military require at least a Secret, and every single commissioned officer is required to have a Secret. Most people get a clearance but never have a need to look at classified info, it's just required to have the clearance to have that MOS. Even just generic MP required I get a Secret.
@@RanCham727 I agree that many, many people have them. But I've also seen many, many people lie about having one, in order to impress. Sadly "stolen valor" is a rather common phenomenon.
Bruh, buy some acoustic room treatment with that Nebula I'm giving you.
@HaI I'm 25N, sipr nipr is my bread & butter. You missed the perfect oppurtunity to delve into the satelite network system that carries said classified information, Skynet. (yes the same network system name as in Terminator)
Regular internet uses packet switching too
And that isn’t even close to how it works.
@@krennic4438 More like Half as Researched, gotem
The audio quality makes it seem as if this video could've been totally written and spoken by AI
xd probably is
4:50 anyone else thought he was gonna say your computer and give a nord vpn ad?
I recall a pseudo classification called UNCLASS EFTO. It was for unclassified material which was Encrypted For Transmission Only.
"Pearls before swine" used to be a favorite phrase, but I'm updating it to "Rocks before SIPRNET"
3:45 Is the Mar A Lago storage closet a sensitive compartment information facility?
It may very well be. That hasn't been discussed in any of the news stories which are all written by people who have no clue about SCIF's, clearances, or the need to know. A facility could be as small as a single GSA approved safe for a particular classification.
@@Patriot-bn9om Not even Trump has claimed this.
This is a good question actually. It is an established fact that Donald trump had a SCIF installed at mar a lago because he would go there all the time. I’m not sure if that data was seized from the SCIF at mar a lago. If it was then Donald trump would be less likely to be charged. If it wasn’t stored in a SCIF then Donald trump should definitely be charged and convicted with mishandling classified information.
@@damm41 Considering that Hillary wasn't charged or convicted despite her absurd mishandling of classified information (as proven by the e-mail leaks), I doubt anything will happen to Trump either.
@@damm41 Not if he declassified it. The entire classification/declassification process is directed by Executive Order. However, the EO doesn't apply to the President or VP, just everyone else in the government/military. The President and VP can each declassify at will. So, his process is whatever he says it is. If he says he declassified it, that was his process. PERIOD.
4:24 Lol that’s how you Jam Radios 📻😄 You run so much energy through it that your the only one anyone can hear :P
I always forget that I have an Nebula account until Sam remebers me.
I really miss the comments on Nebula.
Lol I've never been in a SCIF where they were actually playing anything through the speakers
Missed opportunity for a Mara Lago joke.
Missed Thug Shaker Central
We just say those acronyms as "j-wicks" and "skiff"
lmao before I looked at the comments I was like "my fucking airpod is doing that thing again goddamit" and reconnected it a bunch of times
I like how Sam's videos are an excuse to expose things the US have swept under the rug
I've been in the Army for nearly a decade now.
We absolutely have not updated our methods for transmitting military secrets.
We may have _changed_ the methods, but they aren't exactly _updated_
It sounds like Sam recorded this in a washing machine
I love how "computer code" being shown on videos like these are 90% of the time HTML, which isn't even a Turing-complete programming language (i.e., you can't do stuff you can do on other programming languages). It's one of the few languages you can't hack with.
HTML is not a programming language in any way. It is a document markup language. But yes.
Why do I get the feeling HAI watched the recruit recently lol this is the exact rabbit hole I went down after seeing the SCIF rooms in that series
You get an email if you sign up for curiosity stream with the bundle, that will link you to make a nebula password
Did you use the referral code (HAI or some other creator's)? If so, you should definitely get Nebula. If in doubt try to contact their support.
i did use the code, im not sure if im missing something but its saying to upgrade for nebula
@@SuperChannel253-s7g you should have gotten a "Welcome to Nebula" email immediately after sign-up, alongside the Curiosity Stream welcome mail.
@@tom4794 thanks tom, i found the email. I went to curiosity stream accounts and saw nebula was on premium so i thought that was the issue. Thanks again
your ads alone make me want to claw my eyes out despite the fact that you use my stock video all the time, and I am fucking handsome.
You are so right about the USB drives. For this reason USB drives are banned from the nuclear plants I work for LMAO
Look up Stuxnet and what happened to the Iranian centrifuge facility if you want to know why USB drives are banned where you work likely, lol.
@@OtKH00 i wonder how you'd update the programs then... intranet?
@@PrograError just now seeing this. Some portable media devices are approved but they have to be quarantined and thoroughly checked for two weeks before being allowed into the plant
I wanted to take advantage of your nebula deal, but credit cards arent as common in my country as they may be in the usa. A paypal option would be great
Debit cards work too even if it just says credit card
Yay a video written by Ben
Amazing how now they advertise curiosity stream as an add on to nebula, a few months ago it was the opposite..... and the episode is great
did someone else find the sound was off or is it just my computer?
Where does the basment of Mar A Lago fit in with SCIFs?
That was just an undisclosed archive room...
The clothesline method would for sure still work today
I also saw one of these on the Netflix show the recruit 😯
What is the reason for not classifying the SCIF requirements? The definition of what is classified. "Secret classification shall be whether its unauthorized disclosure could reasonably be expected to cause serious damage to the national security." disclosing the room requirements does not cause damage to US national security.
We replaced the BAS (building automation system) in a Canadian Naval School/office and a couple of offices where lent to the US Navy. When we had to work in there, they had cleaned their office of pretty much everything inside it and every single one of us had a nice little US Navy guy (sailor ?) watching everything we were doing.
LOL, I thought Vsauce was moonlighting as a stock "confused man" gif
I have an engineer friend who was working on a government project and accidentally plugged a flash drive into a computer and got an alarm on him
I love Jet lag the game!
JWICS is an acronym and is pronounced "jay-wicks", while SCIF is also an acronym and pronounced as "skiff."
Just FYI.
Just FYI, JFYI is also an acronym and it's pronounced "jjjffffyee".
@@joseville Did you just make that up? If not, that's pretty cool, but I'm still not going to pronounce .gif with a soft G.
@@buddyclem7328 gotta come clean
JFYI, like FYI, is an initialism - i.e. it's pronounced by saying its individual letters (like CIA, FBI, NSA)
@@joseville You only lasted an hour, gamer. You gotta COMMIT to the BIT.
@@buddyclem7328 It's upsetting that some people still insist that gif is pronounced with a J. I mean it's an abbreviation for "Graphics interface format." Graphics. G. Graphics. Guh guh graphics
Are all of those J pronunciation people trolling?
Today's fact: Baked beans are actually not baked, but stewed.
That’s a good fucking fact
I love these types of comments! 👍🏻
Dammit, you were supposed to keep that info on SIPRNET!
@@andie_pants Faaaaack! We're all dead! You hear mee?! DEAD! They comin for us!
wtf
That Obama paddle boarding is about to be TOP SECRET
No one mention the chucky cheese pizza gate reference lmao had me dying
"How the US Sends Top Secret Information Around The World" --> By using some Discord servers, duh.
oh hey, i live on long island.. that was a pleasant surprise
We've got the 2016 mic back out lads
Upset there is no talking about bricks
You missed the point of putting the fear of god in people even on the NIPRNET, and they do it yearly through training.
What do they do?
Death by PowerPoint every time someone remotely comes close to not following rules.
@@josevilleWe have a lovely 1~2 hour personal therapy session with Jeff.