Slashdot Mirror

← Back to Stories (view on slashdot.org)

Air Force Emails Sensitive Information to Tourism Site

Posted by Zonk on from the that's-a-pretty-spectacular-oopsie dept.

Khuffie writes "The US Air Force has been sending sensitive information, including flight plans for Air Force One, to a website promoting the town of Mildenhall in Suffolk. When told of the error by the site's owner, the Air Force did not attempt to fix it at first. When reminded at a later time, instead of fixing the issue, they advised the owner to 'block unrecognizable addresses from his domain and have an auto-reply sent reminding people of the official Mildenhall domain and blocked his website from access on base.'"

7 of 242 comments (clear)

  1. Wait a minute. by Jikrschbaum · · Score: 5, Interesting

    Isn't the Airforce the branch that has been tasked with Cyberspace security? Some kind of Cyber Command? Military Intelligence at its highest magnitude.

  2. Re:The Airforce... by Red+Flayer · · Score: 5, Interesting

    The budget.

    Military spending is a huge contributor to the US's debt problems, and anything that reduces the efficiency of the military contributes to the problem. Consider how expensive the air force is to maintain -- when it comes time to curtail the military budget, the air force has a lot of low-hanging fruit.

    Security breaches and awareness of systemic ineptitude will just increase the likelihood that the air force will be targeted with more cuts.

    Never mind the fact the a security breach, if taken advantage of by the wrong people, could be *very* expensive.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Re:The Airforce and no IS Security by yuna49 · · Score: 4, Interesting

    I was bothered by the Air Force's casual response to this problem as well. Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain. Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? The fact that the USAF shrugged off this rather simple problem onto the domain owner tends to confirm your suspicions about the quality of their IT services.

  4. BBC... by mathimus1863 · · Score: 5, Interesting

    I love how I have to read other country's news reports to find out what's going on in my own country...

  5. Re:I have call this one BS by Asklepius+M.D. · · Score: 5, Interesting

    First - the KY-58 (the KGs are a different series such as the 84, 94, and 194) is designed to encrypt radio traffic, not network data. Second, security standards HAVE changed drastically. The AF combined small computer networking (2E2) with crypto maintenance (2E3) some time ago with only limited retraining in infosec. Email is used and abused to a huge extent in the military while good crypto is too often seen as an annoyance - even for critical systems. Many of the old safeguards are gone as part of efforts to cut costs and manpower. Most of the REALLY important stuff is still adequately protected, but coming from an AF IT background, I would argue that this story is more than plausible. No matter how much we want them to be otherwise, the AF really is just another large bureaucracy with a small percentage of highly competent people who somehow make things function in a crisis despite the efforts of the majority.

    --
    He who would be a man, must be a nonconformist. -- Emerson
  6. Re:I have call this one BS by stonewolf · · Score: 5, Interesting

    I own pendleton.com so any one who want to know who "stonewolf" is can now look me up :-) Pendleton.com is just to much like Pendleton.usmc.mil the domain for Camp Pendleton, the marine corp base.

    When I fist got the domain I had all email to invalid addresses forwarded to my mail box. I quickly found that I was getting the orders of the day for Pendleton Marine Corp base. I replied to the email and was immediately removed from the list. Over the years I got all sorts of official and private email sent to and from the base. But, as far as I can tell *none of it was classified*. Any time I replied and pointed out the problem I got a swift apology and never got an email from that source again. The most fun I had with it was when I accidentally got on a mailing list for retired SIGINT officers. Talk about a great group of highly intelligent and creative people! I am so glad they are our side.

    I figured out the the rewriting rules used by a lot of email systems would generate pendleton.com from many misspellings of pendleton.usmc.mil and there was nothing I could do about the problem. So, at first I lived with it.

    I finally set up my mail to bounce invalid addresses. I did it because email was becoming more popular I started getting a lot of very private communications meant for Marines and I didn't feel right about invading peoples privacy that way. I have always had a deep respect for the US military and the Marine in particular.

    I have to say that the US military can misaddress email as easily as anyone else. So, I believe that part of the story. But, I never saw anything that was even vaguely sensitive (even the SIGINT guys didn't talk about anything sensitive) in the several years I was getting email from the base. I do not believe that part of the story. The Marines were always courteous and on the ball. The kind of people where you can believe that if you looked on heavens scenes, you would find the streets are guarded by United States Marines.

    Stonewolf

  7. US Air Force is Not the First by shking · · Score: 4, Interesting

    From 2001 to 2005, CIBC, a large Canadian bank sent faxes containing customers' fund transfer requests to a West Virginia scrapyard. The faxes didn't stop until the bank was publicly embarrased in the national media.

    --
    -- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994