Slashdot Mirror

← Back to Stories (view on slashdot.org)

Air Force Emails Sensitive Information to Tourism Site

Posted by Zonk on from the that's-a-pretty-spectacular-oopsie dept.

Khuffie writes "The US Air Force has been sending sensitive information, including flight plans for Air Force One, to a website promoting the town of Mildenhall in Suffolk. When told of the error by the site's owner, the Air Force did not attempt to fix it at first. When reminded at a later time, instead of fixing the issue, they advised the owner to 'block unrecognizable addresses from his domain and have an auto-reply sent reminding people of the official Mildenhall domain and blocked his website from access on base.'"

35 of 242 comments (clear)

  1. The Airforce... by megla · · Score: 4, Funny

    ...because it's always someone elses problem.

    1. Re:The Airforce... by megla · · Score: 3, Informative

      I'm guessing being emailed confidential deployment plans and the route for Airforce 1 would get them off to a good start!

    2. Re:The Airforce... by Red+Flayer · · Score: 5, Interesting

      The budget.

      Military spending is a huge contributor to the US's debt problems, and anything that reduces the efficiency of the military contributes to the problem. Consider how expensive the air force is to maintain -- when it comes time to curtail the military budget, the air force has a lot of low-hanging fruit.

      Security breaches and awareness of systemic ineptitude will just increase the likelihood that the air force will be targeted with more cuts.

      Never mind the fact the a security breach, if taken advantage of by the wrong people, could be *very* expensive.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    3. Re:The Airforce... by aug24 · · Score: 3, Funny

      In other news, the Air Force has requested that prostitutes, drug dealers and off-licences refuse money from US Airmen, and tell them to spend it on something moral and all-American instead.

      --
      You're only jealous cos the little penguins are talking to me.
    4. Re:The Airforce... by morgan_greywolf · · Score: 5, Insightful

      You seriously think that we "walked over Iraq"? Perhaps it escaped your attention but we are still fighting there, and we have not won yet. I suggest you read more newspapers. While I agree with your sentiment, I feel I have to point that we did "win" in Iraq. The regime in Iraq changed. We defeated the Iraqi military. What we're still fighting over there, though, isn't so much as the "enemy" as it is just basically mass chaos, which either U.S. military intelligence either knew or should have known would happen in a country splintered and segregated along ethnic, religious and cultural divisions. After all, isn't that why there's never been any significant time of peace in the nation of Israel since its founding in the first half of the last century? (Not to mention that other people from outside of Iraq are capitalizing on this chaos and taking pot shots at the U.S. military whenever possible.)

      Y'all have to look past the rhetoric coming from both sides of the political aisle and see the situation for what it is: fubar'd.

      --
      My blog
    5. Re:The Airforce... by Serious+Callers+Only · · Score: 5, Insightful

      The real question is what is sensitive information like that doing being sent over email without encryption. If they're sending things like flight plans and military tactics via plain email, it should be considered a security breach no matter who the recipient is. Anyone could easily read it on the way between the two servers, it might get forwarded to someone who shouldn't see it, it can be changed by servers en-route or bogus data inserted etc etc. I imagine most security services would find it easy to infiltrate an ISP here and there and watch traffic as it goes through, and no one would be any the wiser.

    6. Re:The Airforce... by 172pilot · · Score: 5, Insightful

      How I wish that were true, but you miss a fundamental difference between private industry and the government... When a private company has such efficiency problems, it goes out of business, but when a government agency has trouble, the trouble is presented as "evidence" that "the problem is bigger than we thought" and that more money needs to be allocated to correct the problem. Of course, the fundamental problem which is ignored is the leadership of the organization wasting the money, so the problem never gets fixed, but budgets get bigger and bigger.. At least in the Military's case, their function is one which can be justified by the Constitution - Most of the other government waste is in programs that the government has no right to be spending a dime on in the first place...

      --
      -Steve Tired of voting for the "lesser of two evils?" Come talk about it on www.bothsidesarewrong.com
    7. Re:The Airforce... by richlv · · Score: 5, Insightful

      he should simply autoforward those mails to wikileaks

      --
      Rich
    8. Re:The Airforce... by innerweb · · Score: 5, Insightful

      .there is a level of accountability that should be enforced both during, and after your time in office

      Yeah - nothing against you, but come on. Bill Clinton got caught with an extra-marital affair, and was put up for impeachment for lying under oath about it. The current president lied, manipulated people in positions of authority and created an environment where his business allies could earn billions off of the war and he is not even being investigated. *accountability* Give me a break. Pres Bush Jr is the one who finally showed me the futile light of our current governmental/business systems.

      The current president has done more damage to our future than any other force, person or organization in the US's history. There really is a price to pay for the incredible amount of debt we have and the debacles in Iraq and Afghanistan. It creates instability in the regions, the world, the markets and it weakens our governments ability to deal with a real crisis when it occurs (and they do occur). Saddam was evil, but not a crisis and through GW's actions, we have given fundamentalism another strong foothold in the Middle East. We can not afford (financially) to stick around long enough in Iraq to fix the problems that are there now.

      He has made thousands of people incredibly wealthy (not just wealthy) with his politics. If there has been a President in history who needs to be investigated for the well being of our national future, if not only for the strong potential for serious criminal conduct, it is President Bush Jr.

      Accountability is only possible with transparency and memory. People have to be able to see and then want to remember what they have seen. As we have neither in sufficient quantity, we do not have accountability. I think Bush will walk away from this a wealthy man with no fear of being prosecuted for what he has done.

      InnerWeb

      --
      Freud might say that Intelligent Design is religion's ID.
    9. Re:The Airforce... by rkanodia · · Score: 3, Funny

      Just think of how long we've spent after the destruction of symbols of US capitalism, the World Trade Center Towers. Multiply that by 1000, and you'd have

      'Jesus, that's...'
      'Yes. Nine hundred and eleven thousand.'

  2. Wait a minute. by Jikrschbaum · · Score: 5, Interesting

    Isn't the Airforce the branch that has been tasked with Cyberspace security? Some kind of Cyber Command? Military Intelligence at its highest magnitude.

  3. Send in the B2's by DeeVeeAnt · · Score: 5, Funny

    It's the only way to neutralise the tourist threat!

    --
    Home fucking is killing prostitution.
  4. Conspiracy! by neokushan · · Score: 5, Funny

    It's almost as if they WANT someone to kill the president....

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  5. USAF 1, british civilians 0 by Chief+Camel+Breeder · · Score: 3, Insightful

    I see from TFA that the owner finally took his site off-line because of the problem. So the USAF probably considers the problem solved. Another triumph for American diplomacy.

  6. The Cheney Effect by TheSixth1 · · Score: 5, Funny

    The Vice president accidentally shoots a man in the face, and it's the mans fault for getting in the way of the buckshot. The Air Force emails sensitive information to a website owner, and it's the site owner's fault for receiving it.

    The Cheney Effect is spreading!

  7. OPSEC and COMSEC by Ethanol-fueled · · Score: 4, Insightful

    This from the mighty mighty Air Force which banned blogs, which accidentally flew nukes cross-country, which wants to start a "Cyber-Command." Not trying to flame, but why do they insult their own intelligence by banning the viewing of blogs while allowing this sort of crap to happen?

  8. E-mail is a postcard by mdmkolbe · · Score: 5, Insightful

    If the Air Force is sending that info over unencrypted e-mail, they have bigger problems than just the e-mail going to the wrong domain.

    This kind of makes me suspicious that he article might just be hyperbole.

    1. Re:E-mail is a postcard by Twisted+Willie · · Score: 3, Insightful

      Mod parent up.

      If flight plans of Air Force One are being sent over a public network in plaintext, it doesn't matter in whose mailbox they end up really.

  9. Hmm by rolfc · · Score: 3, Insightful

    I wonder if taking down the website will stop the emails from coming?

    Nope, I dont think so.

    1. Re:Hmm by gsslay · · Score: 4, Funny

      It'll remove that cunning "click here to submit US Airforce secrets" link from his homepage.

  10. preemptive move by Atreide · · Score: 3, Insightful

    'block unrecognizable addresses from his domain'

    isn't it more effective if air force domain names are removed from world wide dns ?

    --
    The world belongs to those who get up early. - I'm far from being the king of Earth then :-(
  11. I have call this one BS by Perl-Pusher · · Score: 5, Informative

    I spent 20 years in the Air Force. All DOD domains end in .mil not .com. We only have this persons word, didn't see one example. Flight plans via email. Crap! the DOD uses a device called KG-58 its an encryption device. The key is sent via courier every month. That is the only approved way to send any sensitive information.

    "It had the notice 'Destroy by any means to prevent capture'," Right, that's absolute crap. One that is not the correct wording. Two its an electronic message, its on your hard drive. Did his computer explode after reading it? I'm sure there are idiots who sent things to his domain. But these just could not be official communications. There are way too many safeguards in place.

    People from government ministry of finance offices in African Nations are always send me stuff too.

    Lets see some real proof!

    1. Re:I have call this one BS by Asklepius+M.D. · · Score: 5, Interesting

      First - the KY-58 (the KGs are a different series such as the 84, 94, and 194) is designed to encrypt radio traffic, not network data. Second, security standards HAVE changed drastically. The AF combined small computer networking (2E2) with crypto maintenance (2E3) some time ago with only limited retraining in infosec. Email is used and abused to a huge extent in the military while good crypto is too often seen as an annoyance - even for critical systems. Many of the old safeguards are gone as part of efforts to cut costs and manpower. Most of the REALLY important stuff is still adequately protected, but coming from an AF IT background, I would argue that this story is more than plausible. No matter how much we want them to be otherwise, the AF really is just another large bureaucracy with a small percentage of highly competent people who somehow make things function in a crisis despite the efforts of the majority.

      --
      He who would be a man, must be a nonconformist. -- Emerson
    2. Re:I have call this one BS by stonewolf · · Score: 5, Interesting

      I own pendleton.com so any one who want to know who "stonewolf" is can now look me up :-) Pendleton.com is just to much like Pendleton.usmc.mil the domain for Camp Pendleton, the marine corp base.

      When I fist got the domain I had all email to invalid addresses forwarded to my mail box. I quickly found that I was getting the orders of the day for Pendleton Marine Corp base. I replied to the email and was immediately removed from the list. Over the years I got all sorts of official and private email sent to and from the base. But, as far as I can tell *none of it was classified*. Any time I replied and pointed out the problem I got a swift apology and never got an email from that source again. The most fun I had with it was when I accidentally got on a mailing list for retired SIGINT officers. Talk about a great group of highly intelligent and creative people! I am so glad they are our side.

      I figured out the the rewriting rules used by a lot of email systems would generate pendleton.com from many misspellings of pendleton.usmc.mil and there was nothing I could do about the problem. So, at first I lived with it.

      I finally set up my mail to bounce invalid addresses. I did it because email was becoming more popular I started getting a lot of very private communications meant for Marines and I didn't feel right about invading peoples privacy that way. I have always had a deep respect for the US military and the Marine in particular.

      I have to say that the US military can misaddress email as easily as anyone else. So, I believe that part of the story. But, I never saw anything that was even vaguely sensitive (even the SIGINT guys didn't talk about anything sensitive) in the several years I was getting email from the base. I do not believe that part of the story. The Marines were always courteous and on the ball. The kind of people where you can believe that if you looked on heavens scenes, you would find the streets are guarded by United States Marines.

      Stonewolf

  12. Re:The Airforce and no IS Security by callistra.moonshadow · · Score: 3, Insightful

    I think that this may have to do with bravado, but more likely it has to do with plain old ignorance. I seriously doubt the Airforce has good IT personnel. Maybe I'm being an IT snob, but from what I've heard from family members that work in government and other civil service (one is pretty highly ranked) is that (as we all know) woefully behind the times. I suspect that an email about data being sent to a public URL may have been seen as cryptic to whatever administrator ended up with the information. On a different thread I was talking about identify theft and how the government is one of the largest areas where proprietary data is stolen from. I think that it's just another symptom of a much more systemic problem within government agencies in the US.

    --cally

    --
    --Cally
  13. Re:The Airforce and no IS Security by yuna49 · · Score: 4, Interesting

    I was bothered by the Air Force's casual response to this problem as well. Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain. Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? The fact that the USAF shrugged off this rather simple problem onto the domain owner tends to confirm your suspicions about the quality of their IT services.

  14. BBC... by mathimus1863 · · Score: 5, Interesting

    I love how I have to read other country's news reports to find out what's going on in my own country...

  15. Join the Air Force! by elrous0 · · Score: 5, Funny

    We fuck up more before 8 a.m than most people fuck up all day.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  16. Re:Quick fix by WK2 · · Score: 3, Insightful

    Yes. Or, they could not send sensitive information via email.

    --
    Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
  17. US Air Force is Not the First by shking · · Score: 4, Interesting

    From 2001 to 2005, CIBC, a large Canadian bank sent faxes containing customers' fund transfer requests to a West Virginia scrapyard. The faxes didn't stop until the bank was publicly embarrased in the national media.

    --
    -- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
  18. Did you expect the Air Force to be 100% efficient? by howardd21 · · Score: 3, Interesting

    I was in the US Air Force for 12 years, and and have now been in private industry for about the same, and I can tell you the USAF is reflective of all organizations. It makes mistakes like all others, exceeds standards in a lot, and at the end of the day gets the job done using the resources allotted to it. If there is low hanging fruit there, it is generally no more or less than anywhere else.

    --
    no comment
  19. Military intelligence, it would seem.. by the_rajah · · Score: 3, Funny

    is still an oxymoron.

    --


    "Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
  20. You're crazy by jgoemat · · Score: 4, Insightful

    An attacker who took that turkey down would get a pat on the back and free beers in every bar across the United States.

    Who among us would be happy to have Dick Cheney as president?

    1. Re:You're crazy by ahodgson · · Score: 4, Insightful

      He's been president for 7 years ...

  21. Re:The Airforce and no IS Security by corbettw · · Score: 3, Insightful

    Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? Why didn't someone just update the distribution list in Exchange? How freakin' hard is that?

    Besides, these emails should have been going over SIPR (secret military VPN), not NIPR (public Internet). The SIPR machines can't route email to NIPR networks, so the problem never would've happened in the first place if proper OPSEC had been followed. Someone needs an Article 15 for this.

    (I'm a former IT1 in the Navy, and worked with Air Force guys in Operation Northern Watch, and I can state that all of the Air Force personnel I worked with in the comms section were highly skilled professionals, so this is not a slam on Air Force-types in general.)
    --
    God invented whiskey so the Irish would not rule the world.