Slashdot Mirror


US Military Leaks its Secrets Online

athloi writes "Detailed schematics of a military detainee holding facility in southern Iraq, geographical surveys and aerial photographs of two military airfields outside Baghdad and plans for a new fuel farm at Bagram Air Base in Afghanistan are among the items accidentally left online by government agencies and contractors."

30 of 198 comments

  1. How egalitarian by devilradish · · Score: 5, Funny

    see this is what I like, I'm fine with the government invading privacy just as long as they don't get to have any either.

    1. Re:How egalitarian by Elemenope · · Score: 5, Interesting

      > I'm fine with the government invading privacy just as long as they don't get to have any either.

      I'm not, but it is still vaguely funny. Funny in the sense that the military, which is even more obsessed than the famously obsessed Federal Government (of which it is a prominent member) is with controlling information, could make a mistake this stupid. Not funny in the sense that often (though not always), military secrets are secrets for good strategic or tactical reasons, and our military is at least nominally on our side. (It's like rooting for the home team. ;) )

      Privacy isn't supposed to be a two-way street between a citizen and their government; symmetry of relation is inappropriate. Governments by definition are in service to the public, and act on behalf of that public; thus, there are precious few acceptable reasons why any corporeal manifestation of that government can assert a reason to keep its actions from those whom it serves, whereas a private citizen is private until and unless it gives ample reason for a public agency to believe they are doing something illegally naughty. The names almost give it away. Public Government. Private Citizen.

      As a citizen, I don't want my government thinking it is in some egalitarian relationship with me and my fellow citizens. The government ought to consider itself subordinate to its citizens.

      And I know this is taking your joke and dragging it unkindly into unfunny territory, but the 'you show me yours, I'll show you mine' meme is, I think, destructive to any defensible notion of privacy.

      --
      All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
    2. Re:How egalitarian by Marxist+Hacker+42 · · Score: 2, Insightful

      I'll root for the home team the day they get a competent coach who knows something about basic tactics and the proper use of overwhelming force, as well as how to budget properly.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    3. Re:How egalitarian by Elemenope · · Score: 2, Insightful

      Well, the other reason I root for the home team is I am acquainted with a few of the players, and sometimes when they lose, they die. I don't want them to die, hence, I want them to win, or at least to stop playing and go home.

      --
      All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
    4. Re:How egalitarian by Anonymous Coward · · Score: 5, Insightful

      This is a pretty misleading headline. U.S. Military? These are government contractors, civilians that do not have a clue about IT security and have not even considered what their actions can result in! This really bothers me because for the most part, your military is a cross section of society, coming from all different parts of our culture. When these stupid civilians put lives at risk, possibly mine, I would like to put them on the gate of any compromised base. I bet they would take security much more to heart. Their actions all boil down to a company that wants to make a buck by showing what a great fing job they are doing to fight the war.

      As an active duty Marine, I completely agree with your statements on privacy, I appreciate what little privacy I enjoy and your right to privacy is one of the reasons I have served for 20+ years. I do however take issue with your comparing this instance with our current administration and congress and the military. Politicians are the government that you refer to, not those of us on the ground that are carrying out the fight. Most of us hate the politicians worse than any normal citizen, we fight, bleed etc, they get elected or re-elected based on the B.S. they can sell to the American public. There is not one single politician that has any integrity that I know of.

      Heck, this administration forced me to not be a republican anymore and I will never be a democrat. They all are liars.

    5. Re:How egalitarian by Elemenope · · Score: 2, Interesting

      Point. That's why the option I *personally* favor is 'stop playing and go home'. Means both teams get to go home to play another day. But so long as they are playing...

      What was that sound? That sound was the spirit of a sports metaphor dying in agony. ;)

      --
      All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
    6. Re:How egalitarian by Elemenope · · Score: 2, Insightful

      Way to ignore most of the sentence. Let's review:

      > In framing a government which is to be administered by men over men...

      In other words, governments must be composed of human beings...

      > the great difficulty lies in this: you must first enable the government to control the governed...

      Humans without some enforced public order are brutish and generally nasty. The establishment and maintenance of public peace is what the Founding Fathers (tm) meant by 'control', not manipulation, either crass or subtle, of a person's desires and fears, as the term is generally understood today...

      > ...and in the next place oblige it to control itself.

      Which is the part you simply ignored. In order for a government to have power enough to, ahem, *govern*, and yet be limited, some *ideals* must be made manifest to rule over the baser instincts of those *men* of which the government is ultimately composed. That is the purpose of a constitution, as a codification of principles that justify the continuity of a government so long as that government remains faithful to those principles. The idea was to establish limits upon the reach of authority by delegating specific powers to government and assuming (and later explicitly stating) that the rest were out of reach.

      Governments control people just fine without a constitution. The Constitution's purpose was to delimit and control the Government, as Madison himself indicated in that passage; this was the solution to the second half of the problem that the Federalist papers were written to argue for, that a Constitution was the best way to oblige a government to control itself and yet be capable of governing in a way that the prior system (Art. of Confed.) could not.

      --
      All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
    7. Re:How egalitarian by undeaf · · Score: 5, Funny

      > what is this sun of which you speak?

      Okay, how do I explain it in an easy to understand way. The sun is like a huge server that uploads Vitamin D to you. However, we're constantly told scare stories about how we'll accidentally download skin cancer from it, to sell antiviolet products. Unless you live near the equator, you can't get very good access to it except in the summer.
  2. Let's head this off at the pass... by SoapBox17 · · Score: 5, Informative
    Before anyone cries foul...

    From TFA:

    "None of the drawings are classified and we believe they were all handled appropriately per the government's direction," said CH2M Hill spokesman John Corsi. But the company added a password protection to its FTP site after the AP's inquiry and referred the direct request for the documents to the government.
    The DOD has a special category of Unclassified documents called "For Official Use Only" (FOUO) which prevents the information from being released to the public under the FOIA. This information was not classified, but was not supposed to be released.
    1. Re:Let's head this off at the pass... by digitalchinky · · Score: 2, Interesting

      What's interesting is that after spending a good 10 or 15 years with a TS security clearance, I can do the odd 'search' and find an astonishing amount of information put online by both the military and contractors, the kind of information that would generally land a person in the trade in some rather deep hot water (or jail). 3 letter agencies don't really have an employment stream for people to sit on google all day looking for in-house classified documents. It usually takes a bit of digging by a reporter and a few major headlines before anyone much cares.

    2. Re:Let's head this off at the pass... by CodeBuster · · Score: 2, Informative

      > But the company added a password protection to its FTP site after the AP's inquiry

      I hope they realize that FTP does not encrypt the transport, and thus the password, and that this is only marginally better than no password at all until they bother with encrypting the underlying connection (port forwarding 21 or whatever port they are using through an SSH tunnel for example).
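
An added example, not part of the comment above: a check over FTP control-channel transcripts that flags any session where the password was sent before the channel was encrypted, and any login under an anonymous-style account. The "C:"/"S:" transcript format and the sample sessions are constructed for illustration; the check looks for explicit FTPS (AUTH TLS, server reply 234), which is a different way of protecting the control channel than the SSH tunnel the comment mentions.

```python
import re

# Account names conventionally used for unauthenticated access.
ANON_USERS = {"anonymous", "ftp", "guest"}


def audit_ftp_session(lines):
    """Return sorted findings for one control-channel transcript.

    Each line is "C: <command>" (client) or "S: <reply>" (server); this
    transcript format is an assumption made for the example.
    """
    tls_active = False   # set once the server accepts AUTH TLS (reply 234)
    last_verb = None     # most recent client command, to pair with replies
    user = None
    findings = set()
    for raw in lines:
        direction, _, payload = raw.partition(": ")
        payload = payload.strip()
        if direction == "C":
            verb, _, arg = payload.partition(" ")
            last_verb = verb.upper()
            if last_verb == "USER":
                user = arg.strip().lower()
            elif last_verb == "PASS" and not tls_active:
                # The password crossed the wire readable by anyone on the path.
                findings.add("cleartext-password")
        elif direction == "S":
            m = re.match(r"(\d{3})(?: |$)", payload)  # final reply lines only
            if not m:
                continue
            code = int(m.group(1))
            if last_verb == "AUTH" and code == 234:
                tls_active = True
            elif last_verb in ("USER", "PASS") and code == 230:
                if user in ANON_USERS:
                    findings.add("anonymous-login")
    return sorted(findings)


# Constructed sample sessions.
PLAIN_GUEST = [
    "S: 220 FTP server ready.",
    "C: USER guest",
    "S: 331 Guest login ok, send ident as password.",
    "C: PASS guest@example.com",
    "S: 230 Guest login ok.",
]
EXPLICIT_TLS = [
    "S: 220 FTP server ready.",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation.",
    "C: USER alice",
    "S: 331 Password required.",
    "C: PASS <redacted>",
    "S: 230 Login successful.",
]
TLS_REFUSED = [
    "S: 220 FTP server ready.",
    "C: AUTH TLS",
    "S: 502 Command not implemented.",
    "C: USER alice",
    "S: 331 Password required.",
    "C: PASS <redacted>",
    "S: 230 Login successful.",
]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_GUEST), ("tls", EXPLICIT_TLS),
                          ("refused", TLS_REFUSED)]:
        print(name, audit_ftp_session(session))
```

The third session is the case that matters in practice: the client asked for TLS, the server refused, and the login went ahead in the clear anyway.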

  3. "Accidentally"?? by iminplaya · · Score: 5, Interesting

    Please! So those were the "real" plans, huh? Nod Nod Wink Wink..

    --
    What?
  4. Keeping secrets by Aminion · · Score: 3, Insightful

    And somehow, these people manage to keep secrets about aliens, JFK, weapon programs, etc.? ;)

    1. Re:Keeping secrets by kd5ujz · · Score: 2, Insightful

      They still have some people believing Saddam had WMDs, so I do not see a JFK/Alien/Roswell/Moonwalk cover up out of their reach. :P

      --
      -William
      God is everything science has yet to explain.
    2. Re:Keeping secrets by Anonymous Coward · · Score: 2, Funny

      See, it's all about the master conspiracy. By leaking unimportant information that only some measly civilians and combatants need to be safe, they distract us from the important matters, like alien JFKs programmed to be weapons.

    3. Re:Keeping secrets by NMerriam · · Score: 2, Insightful

      > The world witnessed Saddam use his WMD against the Iranians and Kurds on multiple occasions. This takes the notion that he had WMD out of the "belief" realm and plants it solidly in the "proven fact" category.

      We didn't claim to invade for weapons he had in the 1980s (when he was an ally and we were PROVIDING him weapons and technical expertise). We claimed he had WMDs in the year 2003 and was refusing to get rid of them *in 2003*. Please, stop trying to move the goalposts to make yourself feel better about wasting a trillion dollars and thousands of lives.
      --
      Recursive: Adj. See Recursive.
  5. Re:Just block all IP blocks from "enemy" nations by CastrTroy · · Score: 2, Funny

    Sounds a lot like DRM to me. I think the military should try this. It's working so well for the music/movie industry.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  6. This just in: by RAMMS+EIN · · Score: 2, Funny

    US Military Leaks its Secrets Online

    In other news, water is wet!

    --
    Please correct me if I got my facts wrong.
  7. Doubt this is a mistake. by detain · · Score: 2, Interesting

    I have no problem believing that there are countless incompetent people within both our government and military, but they are both run in manners that should prevent mistakes like this from happening. It's my guess that these documents were intended to be 'leaked' and that it's no real threat to us to have anyone aware of them. I don't see something like this being an accident at all. It's probably more a strategic move than a mistake.

    --
    http://interserver.net/
    1. Re:Doubt this is a mistake. by Scratch-O-Matic · · Score: 2, Interesting

      Here's an exercise for you:

      1. Drive around Arlington, VA (where the Pentagon is) and observe all the buildings with the names of defense contractors on them.

      2. Say to yourself, "Everyone in all of these buildings understands that when they upload a file to the company server, it is available to anyone around the world."

      3. Reflect.

      --


      Evil is the money of root.
  8. Re:yeah by PsychoSlashDot · · Score: 2, Funny

    This is just another example of how Michael Bay's Transformers movie is completely ridiculous. Megatron wouldn't have had to send his Decepticons to break into the government's computers to steal the location of the all-spark. As we can see, the DOD would likely have just left that information open, available over the web.

    Funny thing is that Optimus Prime claimed to have learned how to speak our languages on "the World Wide Web", but he didn't once use any l337 speak.
    --
    "Oh no... he found the .sig setting."
  9. Is there no way to do better? by Aaron+Isotton · · Score: 2, Insightful

    I find it a bit sad that such things keep on happening all the time (not only to the DOD).

    I do realize that, while everyone agrees that "security" is a good thing, it often gets treated lazily for the sake of usability. Even though I think that giving "normal" (i.e. non-system administrator) users the right to just "put things on the server" (likely via FTP or Windows Shares) is just utterly stupid in any context where some sort of security is required. Things will go wrong because people just don't realize (and mostly aren't even interested in) the implications of what they do. I imagine something like this (I have seen that happening too many times):

    Alice: Hey, Bob, where's that super secret document we're both working on?
    Bob: It's on the SourceSafe (or whatever) server, you can check it out
    Alice: Awww, my SourceSafe isn't set up properly and it takes too long. Can you E-Mail it to me?
    Bob: Sure! (wants to email the document)
    Bob: Darn, the attachments have to be less than 500kbytes, otherwise it won't send it. I'll put it on the W: drive!
    Alice: Ok, thanks!

    The ideal solution to this kind of problem would be a USABLE operating system with some kind of sensible data flow tracking (e.g. you can't copy a 'classified' file into a 'not classified' folder or upload it to a 'public' server) and which doesn't get in the way all the time.

    Example: I worked at a company where we had Lotus Notes internally. In addition to the other fabulous features (such as speed, stability and an intuitive interface) of that wonderful software, it supported sending 'confidential' and 'highly confidential' mail. The result of sending a 'highly confidential' mail was that you couldn't copy/paste from a mail, which was just great when someone sent you a 60 characters long windows share path and you had to type it all into windows explorer. That is what I mean by 'get in the way'.

    Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'? Or attaching this kind of security information to files or other objects? I know that this is a major topic of research in computer science, but have never seen it in real use.
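
An added example, not part of the post above: a small model of the label tracking the post asks about, in which pasting from a more sensitive document raises the destination's label (a high-water mark) and a folder or server refuses anything above its own ceiling. The class names, the three label levels and the sample documents are hypothetical; the scenario replays the Alice and Bob shortcut with the W: drive as the under-protected sink.

```python
from enum import IntEnum


class Label(IntEnum):
    # Ordered sensitivity levels; the names are assumptions for this sketch.
    PUBLIC = 0
    NOT_CLASSIFIED = 1
    CLASSIFIED = 2


class FlowDenied(Exception):
    """Raised when data would flow to a sink below its label."""


class Document:
    def __init__(self, name, label, text=""):
        self.name, self.label, self.text = name, label, text

    def paste_from(self, source, fragment):
        # Only text actually present in the source can be pasted.
        if fragment not in source.text:
            raise ValueError("fragment not found in source")
        self.text += fragment
        # High-water mark: the destination's label floats up, never down.
        self.label = max(self.label, source.label)


class Sink:
    """A folder, share or server with a fixed ceiling on what it may hold."""

    def __init__(self, name, ceiling):
        self.name, self.ceiling = name, ceiling
        self.files = {}
        self.audit = []  # every decision is recorded, allowed or not

    def store(self, doc):
        allowed = doc.label <= self.ceiling
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append((doc.name, doc.label.name, verdict))
        if not allowed:
            raise FlowDenied(
                f"{doc.name} ({doc.label.name}) -> "
                f"{self.name} ({self.ceiling.name})")
        self.files[doc.name] = doc.text


def replay_shortcut():
    """Bob pastes from the classified plan into a memo, then tries to share it."""
    plan = Document("plan.doc", Label.CLASSIFIED, "section 4: site layout")
    memo = Document("memo.txt", Label.NOT_CLASSIFIED, "Notes for Alice: ")
    memo.paste_from(plan, "site layout")  # memo is now CLASSIFIED
    w_drive = Sink("W: drive", Label.NOT_CLASSIFIED)
    vcs = Sink("source control server", Label.CLASSIFIED)
    results = {"memo_label": memo.label}
    for sink in (w_drive, vcs):
        try:
            sink.store(memo)
            results[sink.name] = "stored"
        except FlowDenied:
            results[sink.name] = "denied"
    return results


if __name__ == "__main__":
    print(replay_shortcut())
```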

    1. Re:Is there no way to do better? by qzulla · · Score: 3, Insightful
      > Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'? Or attaching this kind of security information to files or other objects? I know that this is a major topic of research in computer science, but have never seen it in real use.

      I work in a class environment. I'll try to answer this.

      Why should the OS care? Who is going to build an OS that can determine what is class or not? That is the owner of the datas (data's?) job. The computer does not care. It happily does what it does - manage data. It is not its job to determine what is safe and what is not.

      That is for people to determine. In the end it is people who decide what goes where. I like it this way as there is some accountability and a paper (electronic) trail.

      So you write an app that determines what is class. Oops! The DB is down/not up to date/hosed by a virus. In other words, you is funked.

      Air gap. We have that. Locked ports. We have that. Two man rule. We have that. Can't talk beyond this. Sorry.

      My point is technology can only go so far in protecting stuff. The people doing this stuff only need to think of a few words.

      VPN. SecureID. One time passwords.

      But ftp with no passwords and not even sftp with passwords?

      Fire them all.

      qz

  10. How to improve your security... by digitalderbs · · Score: 5, Funny

    "The posting of private material on publicly available FTP servers"

    $ ftp ftp.usmilitary.com
    220 FTP server (SunOS 4.1) ready.
    Name (ftp.usmilitary.com): guest
    331 Guest login ok, send ident as password.
    Password: guest@guest.com
    ftp>


    Thankfully, they caught on and learned their lesson: "the SRA anonymous ftp server has been shutdown indefinitely. In the coming months, a new secure ftp site will be introduced that will replace the functionality of this site."

    $ sftp guest@sftp.usmilitary.com
    Connecting to sftp.usmilitary.com...
    Password: guest@guest.com
    sftp>

    1. Re:How to improve your security... by Rearden82 · · Score: 5, Interesting

      That's much more "Insightful" than "Funny".

      I had the unfortunate experience of dealing with a government agency whose website was hacked. After a month-long "security audit", their in-house security experts devised a comprehensive plan to lock down their server and prevent it from ever being compromised again.

      The solution, in its entirety, was to turn http://www.dumbass.agency.gov into the new, "secure" https://www.dumbass.agency.gov.

      I wish I was kidding.

  11. Need a more secure alternative to FTP? by statemachine · · Score: 3, Funny

    > A spokeswoman for contractor SRA International Inc., where the AP found a document the Defense Department said could let hackers access military computer networks, said the company wasn't concerned because the unclassified file was on an FTP site that's not indexed by Internet search engines. "The only way you could find it is by an awful lot of investigation," said SRA spokeswoman Laura Luke.

    Gopher... No one looks there!
  12. anonymous ftp? by bl8n8r · · Score: 3, Funny

    > the SRA anonymous ftp server has been shutdown indefinitely

    Anonymous?... FTP? They may as well have put them on BitTorrent and named them britneys_boobies.zip

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  13. Re:okay, explain that one by jank1887 · · Score: 4, Informative
    FOUO is specifically designated to NOT be used as a way of keeping Unclass info away from FOIA inquiries. It's for things that aren't government secrets, but shouldn't be shared with the general public. You would likely agree with many of these. Examples:

    Privacy Information, Social security numbers, medical, etc.
    Company Trade Secrets
    Legal documents, law enforcement documents, with limits
    And there are others, some discretionary. Full definition in Chapter 4 here (~100 page PDF):
    http://www.dtra.mil/documents/be/5400.7-R.pdf

    BUT, from Chapter 4:

    C4.1.1. General. Information that has not been given a security classification pursuant to the criteria of an Executive Order, but which may be withheld from the public because disclosure would cause a foreseeable harm to an interest protected by one or more FOIA Exemptions 2 through 9 (see Chapter C3.) shall be considered as being for official use only (FOUO). No other material shall be considered FOUO and FOUO is not authorized as an anemic form of classification to protect national security interests.

  14. Solution: by mdsolar · · Score: 2, Funny

    H-1B Visas. Just hire some competent foreigners to handle national security. Oh, wait....

  15. Stupidity and Misinformation by RexRhino · · Score: 3, Interesting

    The military accidentally leaks valuable information, and the military intentionally "leaks" disinformation. It is not an either/or thing.

    "Leaking" disinformation would be useless if the military didn't actually leak real information. And if you do accidentally leak real information, it only makes sense to also release disinformation to create uncertainty.

    But there is probably no way that laymen like most of us here can determine if this is fake or real simply from the information in the article.