Slashdot Mirror


US Military Leaks its Secrets Online

athloi writes "Detailed schematics of a military detainee holding facility in southern Iraq, geographical surveys and aerial photographs of two military airfields outside Baghdad and plans for a new fuel farm at Bagram Air Base in Afghanistan are among the items accidentally left online by government agencies and contractors."

14 of 198 comments

  1. How egalitarian by devilradish · · Score: 5, Funny

    see this is what I like, I'm fine with the government invading privacy just as long as they don't get to have any either.

    1. Re:How egalitarian by Elemenope · · Score: 5, Interesting

      > I'm fine with the government invading privacy just as long as they don't get to have any either.

      I'm not, but it is still vaguely funny. Funny in the sense that the military, which is even more obsessed than the famously obsessed Federal Government (of which it is a prominent member) with controlling information, could make a mistake this stupid. Not funny in the sense that often (though not always), military secrets are secrets for good strategic or tactical reasons, and our military is at least nominally on our side. (It's like rooting for the home team. ;) )

      Privacy isn't supposed to be a two-way street between a citizen and their government; symmetry of relation is inappropriate. Governments by definition are in service to the public, and act on behalf of that public; thus, there are precious few acceptable reasons why any corporeal manifestation of that government can assert a reason to keep its actions from those whom it serves, whereas a private citizen is private until and unless it gives ample reason for a public agency to believe they are doing something illegally naughty. The names almost give it away. Public Government. Private Citizen.

      As a citizen, I don't want my government thinking it is in some egalitarian relationship with me and my fellow citizens. The government ought to consider itself subordinate to its citizens.

      And I know this is taking your joke and dragging it unkindly into unfunny territory, but the 'you show me yours, I'll show you mine' meme is, I think, destructive to any defensible notion of privacy.

      --
      All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)
    2. Re:How egalitarian by Anonymous Coward · · Score: 5, Insightful

      This is a pretty misleading headline. U.S. Military? These are government contractors, civilians that do not have a clue about IT security and have not even considered what their actions can result in! This really bothers me because for the most part, your military is a cross section of society, coming from all different parts of our culture. When these stupid civilians put lives at risk, possibly mine, I would like to put them on the gate of any compromised base. I bet they would take security much more to heart. Their actions all boil down to a company that wants to make a buck by showing what a great fing job they are doing to fight the war.

      As an active duty Marine, I completely agree with your statements on privacy, I appreciate what little privacy I enjoy and your right to privacy is one of the reasons I have served for 20+ years. I do however take issue with your comparing this instance with our current administration and congress and the military. Politicians are the government that you refer to, not those of us on the ground that are carrying out the fight. Most of us hate the politicians worse than any normal citizen, we fight, bleed etc, they get elected or re-elected based on the B.S. they can sell to the American public. There is not one single politician that has any integrity that I know of.

      Heck, this administration forced me to not be a republican anymore and I will never be a democrat. They all are liars.

    3. Re:How egalitarian by undeaf · · Score: 5, Funny

      > what is this sun of which you speak?

      Okay, how do I explain it in an easy to understand way. The sun is like a huge server that uploads Vitamin D to you. However, we're constantly told scare stories about how we'll accidentally download skin cancer from it, to sell antiviolet products. Unless you live near the equator, you can't get very good access to it except in the summer.
  2. Let's head this off at the pass... by SoapBox17 · · Score: 5, Informative
    Before anyone cries foul...

    From TFA:

    "None of the drawings are classified and we believe they were all handled appropriately per the government's direction," said CH2M Hill spokesman John Corsi. But the company added a password protection to its FTP site after the AP's inquiry and referred the direct request for the documents to the government.
    The DOD has a special category of Unclassified documents called "For Official Use Only" (FOUO) which prevents the information from being released to the public under the FOIA. This information was not classified, but was not supposed to be released.
  3. "Accidentally"?? by iminplaya · · Score: 5, Interesting

    Please! So those were the "real" plans, huh? Nod Nod Wink Wink..

    --
    What?
  4. Keeping secrets by Aminion · · Score: 3, Insightful

    And somehow, these people manage to keep secrets about aliens, JFK, weapon programs, etc.? ;)

  5. How to improve your security... by digitalderbs · · Score: 5, Funny

    "The posting of private material on publicly available FTP servers"

    $ ftp ftp.usmilitary.com
    220 FTP server (SunOS 4.1) ready.
    Name (ftp.usmilitary.com): guest
    331 Guest login ok, send ident as password.
    Password: guest@guest.com
    ftp>


    Thankfully, they caught on and learned their lesson: "the SRA anonymous ftp server has been shutdown indefinitely. In the coming months, a new secure ftp site will be introduced that will replace the functionality of this site."

    $ sftp guest@sftp.usmilitary.com
    Connecting to sftp.usmilitary.com...
    Password: guest@guest.com
    sftp>

    1. Re:How to improve your security... by Rearden82 · · Score: 5, Interesting

      That's much more "Insightful" than "Funny".

      I had the unfortunate experience of dealing with a government agency whose website was hacked. After a month-long "security audit", their in-house security experts devised a comprehensive plan to lock down their server and prevent it from ever being compromised again.

      The solution, in its entirety, was to turn http://www.dumbass.agency.gov into the new, "secure" https://www.dumbass.agency.gov.

      I wish I was kidding.

  6. Need a more secure alternative to FTP? by statemachine · · Score: 3, Funny

    A spokeswoman for contractor SRA International Inc., where the AP found a document the Defense Department said could let hackers access military computer networks, said the company wasn't concerned because the unclassified file was on an FTP site that's not indexed by Internet search engines. "The only way you could find it is by an awful lot of investigation," said SRA spokeswoman Laura Luke.

    Gopher... No one looks there!
  7. anonymous ftp? by bl8n8r · · Score: 3, Funny

    > the SRA anonymous ftp server has been shutdown indefinitely

    Anonymous?... FTP? They may as well have put them on BitTorrent and named them britneys_boobies.zip

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  8. Re:Is there no way to do better? by qzulla · · Score: 3, Insightful
    > Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'? Or attaching this kind of security information to files or other objects? I know that this is a major topic of research in computer science, but have never seen it in real use.

    I work in a class environment. I'll try to answer this.

    Why should the OS care? Who is going to build an OS that can determine what is class or not? That is the owner of the datas (data's?) job. The computer does not care. It happily does what it does - manage data. It is not its job to determine what is safe and what is not.

    That is for people to determine. In the end it is people who decide what goes where. I like it this way as there is some accountability and a paper (electronic) trail.

    So you write an app that determines what is class. Oops! The DB is down/not up to date/hosed by a virus. In other words, you is funked.

    Air gap. We have that. Locked ports. We have that. Two man rule. We have that. Can't talk beyond this. Sorry.

    My point is technology can only go so far in protecting stuff. The people doing this stuff only need to think of a few words.

    VPN. SecurID. One time passwords.

    But ftp with no passwords and not even sftp with passwords?

    Fire them all.

    qz

  9. Re:okay, explain that one by jank1887 · · Score: 4, Informative
    FOUO is specifically designated to NOT be used as a way of keeping Unclass info away from FOIA inquiries. It's for things that aren't government secrets, but shouldn't be shared with the general public. You would likely agree with many of these. Examples:

    Privacy Information, Social security numbers, medical, etc.
    Company Trade Secrets
    Legal documents, law enforcement documents, with limits
    And there are others, some discretionary. Full definition in Chapter 4 here (~100 page PDF):
    http://www.dtra.mil/documents/be/5400.7-R.pdf

    BUT, from Chapter 4:

    C4.1.1. General. Information that has not been given a security classification pursuant to the criteria of an Executive Order, but which may be withheld from the public because disclosure would cause a foreseeable harm to an interest protected by one or more FOIA Exemptions 2 through 9 (see Chapter C3.) shall be considered as being for official use only (FOUO). No other material shall be considered FOUO and FOUO is not authorized as an anemic form of classification to protect national security interests.

  10. Stupidity and Misinformation by RexRhino · · Score: 3, Interesting

    The military accidentally leaks valuable information, and the military intentionally "leaks" disinformation. It is not an either/or thing.

    "Leaking" disinformation would be useless if the military didn't actually leak real information. And if you do accidentally leak real information, it only makes sense to also release disinformation to create uncertainty.

    But there is probably no way that laymen like most of us here can determine if this is fake or real simply from the information in the article.