US Army Files Found On Second-Hand MP3 Player

← Back to Stories (view on slashdot.org)

US Army Files Found On Second-Hand MP3 Player

Posted by CmdrTaco on Monday January 26, 2009 @02:29AM from the great-seller-+++ dept.

MichaelSmith writes "A New Zealand man who bought a second hand MP3 player from a store in the US found it loaded with the names and personal details of American soldiers, as well as a mission briefing and information about equipment. Chris Ogle says he will return the unit to the US Defense Department if asked, and that it never worked as a music player anyway. A slightly different version of the story is available from TVNZ."

50 of 184 comments (clear)

Min score:

Reason:

Sort:

Do it Chris Ogle! by Eddy+Luten · 2009-01-26 02:36 · Score: 3, Funny

Chris Ogle says he will return the unit to the US Defence Department if asked
They will also be able to conveniently download the contents on Wikileaks.org in 4.. 3.. 2.. 1..
1. Re:Do it Chris Ogle! by von_rick · 2009-01-26 03:01 · Score: 4, Funny
  
  in 4.. 3.. 2.. 1..
  NOBODY expects the Spanish Inquisition! Amongst our weaponry are such diverse elements as: fear, surprise, ruthless efficiency, , and nice red uniforms!
  
  --
  Face your daemons!
2. Re:Do it Chris Ogle! by L4t3r4lu5 · 2009-01-26 03:41 · Score: 3, Funny
  
  No papal fanaticism?
  
  Splitters!
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
3. Re:Do it Chris Ogle! by omuls+are+tasty · 2009-01-26 05:03 · Score: 2, Insightful
  
  Slashdot mods don't get Monty Python references? Dang it, the times they are a-changin...
4. Re:Do it Chris Ogle! by commodoresloat · 2009-01-26 05:23 · Score: 3, Funny
  
  We don't get Monty Python references, and you expect us to get a Bob Dylan one?
And the previous owner was? by El+Torico · 2009-01-26 02:42 · Score: 5, Insightful

The Army should ask for the return of the MP3 player (and pay for it), find out who put the files on it, and punish them. I don't expect that to happen.

--
In the land of the blind, the one-eyed man is usually crucified.
1. Re:And the previous owner was? by houghi · 2009-01-26 02:46 · Score: 5, Insightful
  
  Most likely they will try to punish the current owner.
  
  --
  Don't fight for your country, if your country does not fight for you.
2. Re:And the previous owner was? by A.+B3ttik · 2009-01-26 02:48 · Score: 3, Interesting
  
  I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing.
  
  Although I guess I'm not sure that announcing this to the news was "the right thing."
3. Re:And the previous owner was? by oldspewey · 2009-01-26 03:01 · Score: 4, Insightful
  
  I'm not sure that announcing this to the news was "the right thing."
  I think it was. Divulging the specific contents of the device might be inappropriate, but letting the world know about a screwup like this is most certainly "the right thing."
  
  --
  If libertarians are so opposed to effective government, why don't they all move to Somalia?
4. Re:And the previous owner was? by jandrese · 2009-01-26 03:03 · Score: 4, Interesting
  
  My guess is that like so much stuff found in second hand shops near bases, the MP3 player was stolen from the previous owner and sold for beer money. The files on it probably weren't classified or particularly sensitive and the previous owner was using it as a fancy thumb drive.
  
  --
  
  I read the internet for the articles.
5. Re:And the previous owner was? by Big+Hairy+Ian · 2009-01-26 03:17 · Score: 2, Informative
  
  Punish them for what? Is it illegal to keep names and information of unclassified material on your personal computer /mp3 players? At worst, it's FOUO (for official use only) information. While it could reflect on your performance evaluation negatively, there is nothing illegal about the release of FOUO information.
  If it contains the names & details of armed forces personnel it could very well be defined as a national security breach. The fact it contains a mission briefing & details of equipment would pretty much seal that one.
  
  --
  Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
6. Re:And the previous owner was? by whisper_jeff · 2009-01-26 03:21 · Score: 5, Interesting
  
  "I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing."
  
  Unfortunately, "doing the right thing" does not protect one from bureaucrats. When someone in a suit wants someone punished, they will find a target, even if it happens to be the person who did "the right thing." My favourite example of this was a woman who worked for a mid-sized company as an accountant. She noticed something questionable on the books and reported it to her boss. Her boss told her to ignore it and proceed. She knew that her boss was dodging the IRS and, not wanting to be a party to tax evasion, she reported the company to the IRS and quit. The IRS began an investigation and found, sure enough, the company was illegally avoiding paying taxes. The company, of course, used every method to dodge the IRS. The IRS, having lost their obvious target, decided to use a different tactic and elected to go after the accountant who was working for the company at the time the questionable events took place.
  
  The woman who reported the situation to them.
  
  The IRS ceased her home and garnished her wages (from her new job) to pay off the outstanding taxes. Doing the right thing resulted in this woman being screwed, to say the least.
  
  Yes, this is an extreme example and it's also an example of the old IRS (they've apparently had their power to abuse people reduced since then - this story took place ten or 15 years ago, iirc). But, it is still an example of someone doing the right thing yet still being turned into a target so that someone in a suit can punish _someone_.
7. Re:And the previous owner was? by Gandalf_Greyhame · 2009-01-26 03:22 · Score: 5, Insightful
  
  I am just trying to work this out. How is a New Zealand citizen able to commit treason against the US?
  treason: (noun) the crime of betraying one's country
  
  --
  I am not stubborn. I am right!
8. Re:And the previous owner was? by No+Grand+Plan · 2009-01-26 03:26 · Score: 2
  
  The files on it probably weren't classified or particularly sensitive
  I'd say names coupled with locations and mission briefings were pretty sensitive, wouldn't you? I don't expect there were any missile launch codes on the player, but still - these pieces of information could have been used for the wrong purpose and could potentially have done harm.
9. Re:And the previous owner was? by Anonymous Coward · 2009-01-26 03:29 · Score: 5, Funny
  
  Because you're either with us or you're with the terrorists. Didn't you get that memo?
10. Re:And the previous owner was? by Anonymous Coward · 2009-01-26 03:33 · Score: 3, Interesting
  
  Link or it didn't happen
11. Re:And the previous owner was? by furby076 · 2009-01-26 03:34 · Score: 2, Informative
  
  You don't think the army punishes people for violating secure data storage and usage? While slashdot is well-known for it's pessimistic view on life and thinks that every situation requires a tin foil hat you should a LITTLE more faith.
  By bringing this to the attention of the DoD they can determine what needs to be done with the MP3 player (most likely buy it from the person). The army takes a very dim view on allowing the names of its personnel leaking to the world. They are very protective about their soldiers. Plus they want to make sure the mission is not sensitive (it could be an old, declassified mission).
  If they can ascertain who owned the mp3 player they will most likely have some words with him, and depending on the reasoning behind him putting data on the mp3 player and the other information on it they will determine what to do.
  The army spends a LOT of money and a LOT of time securing their data - everyone knows this, especially the slashdot crew. Taking that into consideration to say the army will do very little if anything is a bit of a stretch on your part.
  
  --
  
  I do not support "The Man". I also do not support your irrational stupidity
12. Re:And the previous owner was? by Thelasko · 2009-01-26 03:42 · Score: 3, Interesting
  
  This would also make a good cover for spies.
  
  It works like this:
  1. Spy fills MP3 player with classified information.
  2. Spy drops off MP3 player at local second hand shop.
  3. Handler buys MP3 player.
  4. Profit!
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
13. Re:And the previous owner was? by jandrese · 2009-01-26 04:07 · Score: 4, Insightful
  
  Wouldn't it be easier to just hide it somewhere (out in the woods for instance) instead of involving a third person who could potentially id both of you if the army comes looking?
  
  --
  
  I read the internet for the articles.
14. Re:And the previous owner was? by MadMidnightBomber · 2009-01-26 04:16 · Score: 2, Funny
  
  The IRS ceased her home and garnished her wages
  That usage sounds weird to this European - like I'd end up with a sprig of rosemary and a bit of orange peel in my pay packet, or something.
  
  --
  "It doesn't cost enough, and it makes too much sense."
15. Re:And the previous owner was? by whisper_jeff · 2009-01-26 04:25 · Score: 2, Interesting
  
  Given that I saw it on 60 Minutes (or some such show) about ten years ago, I wouldn't hold my breath waiting for a link...
16. Re:And the previous owner was? by Chih · 2009-01-26 05:30 · Score: 3, Interesting
  
  See, that's why this guy waited until Bush was out of office :)
  
  --
  For best results, avoid doing stupid things.
17. Re:And the previous owner was? by GooberToo · 2009-01-26 05:53 · Score: 2, Insightful
  
  If it happened that long ago it may very well be true. Many people don't realize, not so many years ago, the IRS had more power than the CIA or FBI and that changed only after significant IRS reform. IIRC, that changed under the Clinton Administration.
  Literally, not many years ago, if the IRS randomly decided you owed money, they would come in, seize all your accounts and assets. You would literal come home from work to find your crying family on the curb and your house boarded up. On arrival, your car would then be seized. You would then be expected to defend your self in rigged IRS court, where YOU had to prove the IRS was wrong, having no money, no house, no cars, and likely, no job. It was not uncommon for people arriving at IRS court to have left from living under a bridge or from other homeless outreach efforts. Employers and friends of these families were common threatened with like-action.
  Additionally, if they did discover an honest mistake, they could wait an indeterminate number of years to tell you about it and demand interest and penalties. So what may have been an honest thousand dollar mistake will now cost you your home and retirement account, and maybe even jail time. And did I mention IRS agents would get bonuses for collecting additional fees and properties so it was in their own interest for fuck you over?
  So while that specific situation may or may not have happened, rest assured the IRS has done significantly more to many more people who have done nothing but pay their taxes and done the right thing. And that's for a fact. It is far more likely the story is true than not. And if the story is not true, it is likely based on a composite of multiple true stories.
  If you don't want to believe this story, fine. But I urge you to search old news stories from the 70s - 90s for such stories. You'll readily find, the horror stories of the IRS are far, far worse.
18. Re:And the previous owner was? by El+Torico · 2009-01-26 06:00 · Score: 2, Interesting
  
  I've been in the US Army and I've worked with the US Army for a few years, and I've never seen anyone punished (Article 15 or court martial, or even a counseling statement) for an Information Security violation.
  
  --
  In the land of the blind, the one-eyed man is usually crucified.
19. Re:And the previous owner was? by geekboy642 · 2009-01-26 07:21 · Score: 2, Funny
  
  The most sophisticated weapon the united states military ever fielded was an M-16. Clearly, this iPod contained detailed technical schematics of this unbelievably powerful rifle. Also, every battalion publishes their entire enlisted roster on wikipedia every third saturday, so the Privacy Act doesn't matter either. Not to mention, mission details are routinely cribbed from bad Tom Clancy novels, so there couldn't be any important information there.
  It's all about the M-16, baby. Those dirty communists are gonna get their hands on our pop-gun!
  P.S. You're a moron.
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
20. Re:And the previous owner was? by Randle_Revar · 2009-01-26 07:40 · Score: 4, Funny
  
  >Because you're either with us or you're with the terrorists.
  Not since last Tuesday.
  
  --
  Climate Progress - Hell and High Water
21. Re:And the previous owner was? by Petrushka · 2009-01-26 10:41 · Score: 2, Informative
  
  I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing.
  Not punish, as such, no. But he has had access to information that the US didn't want him to have. I would imagine red flags will be popping up next to his name for quite a long time: he should be very very circumspect if he ever has to go through US immigration, for the foreseeable future.
  
  Although I guess I'm not sure that announcing this to the news was "the right thing."
  He gave a copy of the files to the local news, according to the TVNZ article.
They Should purchase it back by ITJC68 · 2009-01-26 02:54 · Score: 5, Interesting

If the military is not smart enough to purchase this item from the person and investigate how and who placed those files on this player then security is an afterthought and obviously flawed. This type of information couldn't have been obtained by a low level recruit either but someone higher in the chain of command. Either the FBI or the CIA should look into this without military oversight so there is no chance of influence. I doubt it will happen but I hope they do.
1. Re:They Should purchase it back by stewbacca · 2009-01-26 03:11 · Score: 2, Informative
  
  That is such an over-the-top reaction. First of all, this sort of thing happens to the magnitude of thousands of times a year. Check any E5 in the Army, and they've got a green "leaders" book with all kinds of personal information about their squad members. In the electronic age, all this stuff is also on their personal computers.
2. Re:They Should purchase it back by Dysproxia · 2009-01-26 03:46 · Score: 2, Funny
  
  I also happen to have several low-cost memory devices that contain what might or might not be top secret US military data. I'll gladly offer them for purchase.
They will be punished by MikeRT · 2009-01-26 02:54 · Score: 2, Informative

The military has already begun a comprehensive policy of prohibiting these devices for this very reason after that worm went through a bunch of military systems because of infected key drives.
Daily occurrence by mseeger · 2009-01-26 02:55 · Score: 4, Insightful

Hi,
i would expect this to happen on a daily basis. Usually the buyer will not be a journalist but some kid. The typical kid will say "boring stuff" and have those files deleted before finishing yawning. By doing so, they prevent more security leaks than most security officers.
Sincerly yours, Martin
1. Re:Daily occurrence by Yvanhoe · 2009-01-26 03:00 · Score: 2, Insightful
  
  But this happened so many time that it became prevalent and finally, someone with more insight got his hands on one. The performance of a security officer is not measured by the number of leaks he prevented, but by the number of leaks he let go...
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
What would you do? by mwilliamson · 2009-01-26 03:00 · Score: 4, Insightful

Seriously, I'd just overwrite the device with a utility such as dban then keep my mouth shut, forever. This is the advice I'd offer anyone in this sort of situation. I actually take it a step further in that I dban _every_ used storage device I get without first looking to see what is on it, so I have no clue if I ever received something via a second-hand device that I should not have.
1. Re:What would you do? by L4t3r4lu5 · 2009-01-26 03:51 · Score: 4, Interesting
  
  A guy in my local (sorry, no citations) was sent an indecant image of (obviously) a child, and called teh police. They duely arrived, took a look at it, and took the guy out of the room.
  
  "Ok Sir, i'm going to go out the front door and close it behind me. Before I knock on your door again, that picture will have been deleted from your computer and you'll have forgotten about it. IF you mention it, i'll have to arrest you for posession of an indecent image of a minor."
  
  Even the cops think things like this are best swept under the carpet.
  
  Disclaimer: UK Law, YMMV
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
Re:so? by A.+B3ttik · 2009-01-26 03:01 · Score: 2, Funny

It would be really funny if some guy did just that and faked a bunch of mission briefings, put it on his secondhand mp3 player, then sold it to a pawn shop.

Next guy who buys it does the right thing and returns it, but the Army/CIA spend countless resources running in circles looking for the "leak."
Not just the military by wiredog · 2009-01-26 03:05 · Score: 2, Informative

Most of the US Gov is banning USB key drives, music players plugged into computers, and any other read/write media.

--

Best Slashdot Co
1. Re:Not just the military by stiggle · 2009-01-26 03:37 · Score: 5, Insightful
  
  Except they would like you use the USB mouse, USB keyboard to actually do some work :-) Easier to just lock the PC itself inside a cabinet so the end user doesn't have access to the box itself, just the keyboard, mouse, monitor.
2. Re:Not just the military by sholsinger · 2009-01-26 03:45 · Score: 2, Informative
  
  They've already disabled USB storage devices on ALL DoD information systems. Not just ones with access to "sensitive" information.
I'd hate to be the original owner by MikeRT · 2009-01-26 03:08 · Score: 5, Informative

Few seemingly innocuous things can get you in greater trouble in any part of the federal government, especially the DoD than bringing a personal portable storage device into an area that is restricted. Copying sensitive information onto one is, itself, a very serious offense that if a soldier gets caught doing will not only revoke any security clearance they had but quite possibly end their career in the federal government.
Re:what are the exit policies of the army? by NewbieProgrammerMan · 2009-01-26 03:20 · Score: 5, Informative

i would think that in an organization as large and as stereotypically stringent as the us army that they'd have some sort of exit policy for equipment and personnel.
I would have thought so, too, until I spent a few years in the US military. You'd be amazed how much and what kind of stuff makes it past policies (exit or otherwise). When I lived in a military town, it seems like I'd see a story every year or so about about service members getting caught with garages full of new and/or used stuff.

--
[b.belong('us') for b in bases if b.owner() == 'you']
So what? by TooMad · 2009-01-26 03:20 · Score: 3, Interesting

You can find secret information on wikipedia. After getting out of the service I decided to see if certain details were on certain pages and found the secret information. There is probably much more throughout the entire site that seems quite benign but it is still classified.
Re:what are the exit policies of the army? by UseTheSource · 2009-01-26 03:29 · Score: 2, Funny

When I lived in a military town, it seems like I'd see a story every year or so about about service members getting caught with garages full of new and/or used stuff.
That would make for one hell of a 'garage sale'! ;)

--
"Ein Volk, ein Reich, ein Führer." -Adolf Hitler
"We are one Nation, we are one People." -The One 'leader'
Fill in the blanks by Minwee · 2009-01-26 04:09 · Score: 5, Funny

Chris Ogle says he will return the unit to the US Defense Department if asked, and that it never worked as a music player anyway.
Oh, so it was a Zune?
Re:what are the exit policies of the army? by palegray.net · 2009-01-26 04:41 · Score: 2, Interesting

The Army doesn't used iPods to store data. Service members, however, have a habit of ignoring policies and using whatever storage mechanism is handy to transfer data between systems. I'm in the Navy, and I've seen similar behavior. Yes, there are policies against it on my side as well. Stuff still happens, and this is exactly why we have rules concerning storage devices.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Re:what are the exit policies of the army? by tlhIngan · 2009-01-26 05:04 · Score: 5, Insightful

The Army doesn't used iPods to store data. Service members, however, have a habit of ignoring policies and using whatever storage mechanism is handy to transfer data between systems. I'm in the Navy, and I've seen similar behavior. Yes, there are policies against it on my side as well. Stuff still happens, and this is exactly why we have rules concerning storage devices.
The problem is, if you ban storage devices, you're gonna have to provide an equally convenient way to move data around. Otherwise everyone's going to find their own method, which may be as simple as emailing it around.
The issue is that rules are made, but the rulemakers don't realize the reason why people were doing what they were doing. Ban storage devices, and if someone still needs to get data from point A to point B, well, you've just got a bunch of people who are going to find a way to either circumvent the rule, or to find an alternative, which may not be as secure.
Banning the devices without an equally convenient alternative will just result in people finding workarounds. Just don't be surprised what those workarounds are. Interfere with people Getting Stuff Done(tm) without educating them on How to Get Stuff Done without X...
Ding Chavez by cerelib · 2009-01-26 05:12 · Score: 2, Funny

I hope the files did not include the full dossier of Ding Chavez and his detailed plans for hostage rescues.
It's not just the Army by Richy_T · 2009-01-26 05:54 · Score: 5, Funny
I also recently purchased a used IPOD and found important naval information stored on it, most notably recruitment details describing how new recruits would be able to
- Learn Science Technology
- Learn to fly
- Play in sports and skin dive
- Study oceanography
- Sign up for the big band
- Or sit in the grandstand
  When your team and others meet
- sail the seven seas
- put your mind at ease
- join your fellow man
amongst other available activities. In the interests of national security, I deleted the file in question immediately.
But what can you really do? by Richy_T · 2009-01-26 06:02 · Score: 2, Funny

Information wants to be free. And this is information with military training.
Re:what are the exit policies of the army? by Frosty+Piss · 2009-01-26 06:34 · Score: 2, Interesting

Banning the devices without an equally convenient alternative will just result in people finding workarounds. Just don't be surprised what those workarounds are. Interfere with people Getting Stuff Done(tm) without educating them on How to Get Stuff Done without X...
This is the case with the current ban on thumb drives. For example, after years of being told we're moving electronic, the AF base I'm at switched to electronic crew pubs and forms, and other mission data from flights is built on board the aircraft, saved on a thumb drive, and downloaded to a system back home after the mission. There are work-arounds, but an entire system built on technology we can no longer use is an inconvenience that lends itself to unapproved / undocumented workarounds with even more security questions. We've always used government supplied thumb drives, but now a lot of people just (surreptitiously) use (more unknown) personal drives.

--
If you want news from today, you have to come back tomorrow.