MoD's Error Leaks Secrets of UK Nuclear Submarine

← Back to Stories (view on slashdot.org)

MoD's Error Leaks Secrets of UK Nuclear Submarine

Posted by timothy on Saturday April 16, 2011 @09:19PM from the captain-ramius-did-have-a-scottish-brogue dept.

Tasha26 writes "UK's Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake. A 'technical error' (i.e. turning the background colour of certain text to black) meant that sensitive blacked-out parts of the online MoD report could be read by anyone who copy-pasted it into another document. This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub, and details of measures used by the US Navy to protect its own nuclear submarines."

44 of 248 comments (clear)

Min score:

Reason:

Sort:

People Are Stupid by Anonymous Coward · 2011-04-16 21:31 · Score: 5, Insightful

Why are the people who control dangerous things always so stupid?
Simple: The vast majority of people are stupid.
1. Re:People Are Stupid by Kilrah_il · 2011-04-16 21:42 · Score: 4, Insightful
  
  Actually, 50% of the people have below-average intelligence (assuming a Gaussian distribution), which is a far cry from a "vast majority". It's just that here on /. the average intelligence is above that of the general population (yea, I know), so we tend to look down on all the "others".
  Using background color to black-out sensitive material may seem stupid to us on /., but it is understandable that someone who doesn't know much about computers will think it is secure, esp. since the final PDF file is uneditable. The question is why someone with, obviously, minimal computer skills is given such an important task?
  
  --
  Whenever in an argument, remember this.
2. Re:People Are Stupid by second_coming · 2011-04-16 21:59 · Score: 2
  
  I'll use Hanlon's razor on your reply and merely point out that at least half the population are of above average intelligence.
  Many intelligent people have zero common sense, which is often the reason for seemingly stupid acts.
3. Re:People Are Stupid by u38cg · 2011-04-16 22:28 · Score: 4, Interesting
  
  Since there is no one way to measure intelligence, it's not really possible to say whether intelligence distribution is Gaussian (or anything else). IQ scores, however, are co-erced to a Gaussian distribution, one of the things that has always made me deeply suspicious of them. It is very clear that the natural distribution is *much* fatter tailed to the right than the Gaussian.
  
  --
  [FUCK BETA]
4. Re:People Are Stupid by WrongSizeGlass · 2011-04-16 23:18 · Score: 2
  
  Why are the people who control dangerous things always so stupid?
  Simple: The vast majority of people are stupid.
  Let's not forget that the vast majority of people who control dangerous things assume the vast majority of people are stupid so they don't do enough to protect things from the people who aren't as dumb as they should be.
5. Re:People Are Stupid by Anonymous Coward · 2011-04-16 23:21 · Score: 3, Funny
  
  And some of the bellow average people apparently don't understand the difference between average, mean and median.
  YOU CAN SAY THAT AGAIN!
6. Re:People Are Stupid by MightyYar · 2011-04-17 00:06 · Score: 2
  
  I'll use Hanlon's razor on your reply and merely point out that at least half the population are of above average intelligence.
  "Average" is not where I draw the line between stupid and smart. If there is such a line, it would be well above the mean line.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Re:hahaha by RoFLKOPTr · 2011-04-16 21:31 · Score: 3, Insightful

Or perhaps
Step 1 ) Remove sensitive information
Fukushima-style? by neokushan · 2011-04-16 21:31 · Score: 5, Insightful

"This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub"
Is that it, now? Is every single thing to do with nuclear reactors going to be compared to Fukushima from now on? What about if terrorists wanted to create a Chernobyl-style meltdown, or how about a three-mile-island-style meltdown?
No really, it's fine, I don't mind throwing random keywords in there to grab extra attention when it's completely unnecessary.

--
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
1. Re:Fukushima-style? by Kilrah_il · 2011-04-16 21:37 · Score: 5, Insightful
  
  Fukushima is the Library of Congress of nuclear meltdowns. Just as 9/11 is the LoC of terror attacks. People love relative terms; nobody understands a 10^9 becquerel of radiation.
  
  --
  Whenever in an argument, remember this.
2. Re:Fukushima-style? by Kronotross · 2011-04-16 22:59 · Score: 5, Funny
  
  Obviously they meant that it reveals how easy it would be to hit the submarine with a tidal wave after it experiences a ~9.0 earthquake, thus disconnecting its power from the energy grid it relies on to cool its core.
3. Re:Fukushima-style? by TheSync · 2011-04-16 23:01 · Score: 5, Insightful
  
  Fukushima meltdown means your backup cooling method goes out after a scram (and tsunami), and you are basically screwed. This requires a failure of imagination about worst possible scenarios combined with a bad plant location.
  Chernobyl explosion is a criticality accident. This requires a really high level of ignorant stupidity or purposeful attack.
  Three Mile Island meltdown is that you don't realize a valve is open and your core water boils away. This requires a level of stupidity in human/machine interaction.
4. Re:Fukushima-style? by thegarbz · 2011-04-16 23:52 · Score: 4, Insightful
  
  The vast majority don't understand "Fukushima-style" radiation either ;-)
5. Re:Fukushima-style? by DrBoumBoum · 2011-04-17 00:10 · Score: 2
  
  Sincerely interested here: how would you categorize the Davis-Besse near miss on this scale?
6. Re:Fukushima-style? by JamesP · 2011-04-17 00:26 · Score: 2
  
  Not to mention that, the average nuclear submarine has between 0.01 to 0.001 the amount of fuel than one reactor at Fukushima (maybe less)
  And a (slightly) different technology
  Next thing we'll know they're calling a RTG "this is flying Fukushima "
  
  --
  how long until /. fixes commenting on Chrome?
7. Re:Fukushima-style? by dunkelfalke · 2011-04-17 02:34 · Score: 2
  
  Nuclear submarine fuel is much more enriched, though.
  
  --
  "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
Junior Member? by Kilrah_il · 2011-04-16 21:34 · Score: 4, Insightful

From the article:

The senior technology consultant at web safety firm Sophos said: “It’s a staggeringly stupid thing to do. Anyone with even an elementary knowledge of computing would know how to read it. I can only assume they gave it to a junior member of staff to deal with.
On the contrary, a junior member probably would have had some computer know-how. They probably gave it to some old-timer who knows nothing about computers (apologies to all /. {1,2,3} UIDs; I am talking about mere mortals, and I will be sure to get off your lawn) and he just thought that if he changes the background, the words will remain blacked-out forever.
Oh, and BTW, what's with the last sentence?

Two weeks ago two officers were shot – one fatally – on HMS Astute, when it was docked in Southampton. Sailor Ryan Donovan, 23, has been charged with murder.
I don't see how it is related to the article, except in regards of it talking about one of Britain's submarines. Talk about tangentiality.

--
Whenever in an argument, remember this.
1. Re:Junior Member? by agw · 2011-04-16 21:57 · Score: 2
  
  From the article:
  
  Two weeks ago two officers were shot – one fatally – on HMS Astute, when it was docked in Southampton. Sailor Ryan Donovan, 23, has been charged with murder.
  I don't see how it is related to the article, except in regards of it talking about one of Britain's submarines. Talk about tangentiality.
  Guy in suicide mode shooting his fellow soldiers in walking distance to a nuclear reactor IS worth mentioning.
  It also reminds me of Hunt for Red October, which was a cool movie.
2. Re:Junior Member? by Kilrah_il · 2011-04-16 23:08 · Score: 2
  
  ...or with no toilets whatsoever!
  
  --
  Whenever in an argument, remember this.
3. Re:Junior Member? by Fnkmaster · 2011-04-16 23:15 · Score: 2
  
  Right, why do you need a toilet when you can just take a leak on the reactor to cool it down?
Daily Star? by neokushan · 2011-04-16 21:37 · Score: 4, Informative

On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.
Have a look at the website, the topics along the top, they've got an entire section dedicated to "Babes" and what's more the bottom of the article has the words "More 'News' Here". That's right, not even the website itself genuinely believes that it has real news there, instead opting to put the term in quotes.
Seriously...the daily star? Is this what slashdot has come to?

--
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
1. Re:Daily Star? by PolygamousRanchKid+ · 2011-04-16 22:15 · Score: 5, Insightful
  
  The newspaper is most famous for its page-3 topless girls
  Which is something that Slashdot could use more of! Forget, "OMG! Ponies!" How about next April 1st, we see a page-3 topless girls Slashdot site. Sure should be more interesting than all of those other April 1st articles . . .
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
2. Re:Daily Star? by Alain+Williams · 2011-04-16 22:22 · Score: 3, Informative
  
  On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.
  So what if they have pictures of totty in their pages, that is not what is being linked to. The Daily Star do not seem to have made the story up, the write up seems as good as you get anywhere else. It appears that the Daily Star alterted the MOD about their stupidity so they are the origin of the story & deserve credit for that.
  If you are such an intellectual snob that you won't read the Daily Star, here is the story on the BBC.
3. Re:Daily Star? by Mark+Hood · 2011-04-16 22:40 · Score: 2
  
  Probably because they're the ones who broke the story - it's been picked up by slightly more high-brow outlets too, but it's a tradition that you link to the source of a story. Even the BBC point to them: http://www.bbc.co.uk/news/uk-13107413
  Unless you have a blog to pimp, and need the ad revenue... then you post your link on the front page and wait for the Slashdot effect to make you rich ;)
  
  --
  Liked this comment? Why not buy me something nice
4. Re:Daily Star? by Namarrgon · 2011-04-17 00:13 · Score: 2
  
  It appears that the Daily Star alterted the MOD about their stupidity
  So even the Daily Star is smarter than the Ministry of Defense now?
  We are so screwed.
  
  --
  Why would anyone engrave "Elbereth"?
Wikileaks to blame! by toetagger · 2011-04-16 21:42 · Score: 2

Obviously, this is all the fault of wikileaks & Julian Assange! It was his actions that awoke the appetite of the general public to consume dangerous information that they are not allowed to have. Even the safeguards put in place by the government to protect its people from such dangerous information, the Freedom of Information Act, is now no longer effective. We need to pass new legislation quickly to correct this issue at once!
Therefore, I submit the following legislation for review:
1) Make using Copy/Paste illegal
2) Remove the color black from all computer monitors
3) Imprison anyone with a daily subscription to The Sun, as they have been exposed to this dangerous information and need to be contained.
With these 3 simple steps, we can insure the security of our nuclear submarines, and therefore our people, for the next 100 years!
the actual news by johnjones · 2011-04-16 21:46 · Score: 4, Informative

DO NOT look at the Star newspaper it's like looking at the national inquirer....
the people who broke the news where UK channel 4
see this link for the story
http://www.channel4.com/news/britains-nuclear-subs-potentially-vulnerable-to-accidents
the document seems flattened but is here
http://robedwards.typepad.com/files/declassified-report-to-mod-defence-board.pdf/a
anyone actually able to copy and paste from it ?
why does the MOD use microsoft word for these type of things is beyond me...
regards
John Jones
p.s. do you think china et. al. have the same problems...
It's not the user's fault by purplie · 2011-04-16 22:03 · Score: 4, Insightful

Most users are non-technical. This is an old issue and it's not excusable that the application didn't give a warning.
1. Re:It's not the user's fault by TheRaven64 · 2011-04-16 22:07 · Score: 3, Insightful
  
  How would the application know? The user is just drawing a black rectangle, or changing the background colour of the text. Deleting data from a PDF is easy - it's all stored as a dictionary of objects, and it's trivial to replace an object with a different one (you can do it in a text editor, and vim will even syntax highlight the PDF markup for you) - but if you use a drawing tool instead of a redaction tool in a graphical editor then that's user error. The user fundamentally needs to know the difference between adding information to a document and removing information. A tool that warns a user whenever they draw a rectangle that they're not redacting data would be insanely irritating.
  
  --
  I am TheRaven on Soylent News
2. Re:It's not the user's fault by Alain+Williams · 2011-04-16 22:11 · Score: 3, Insightful
  
  Most users are non-technical.
  Management should ensure that those should be properly trained to do their job. Those responsible for putting stuff on web sites (or where ever) should know what they are doing. Would it be acceptable to say ''he blew up the nuclear sub because he didn't know how to manage the reactor'' ?
  
  This is an old issue and it's not excusable that the application didn't give a warning.
  The application was probably instructed to turn the background black, it was probably not instructed to make certain text unreadable.
  This is a management issue but, as ever, I can see them just blaming some muppet at the bottom of the pile.
3. Re:It's not the user's fault by MichaelSmith · 2011-04-16 22:41 · Score: 5, Funny
  
  The other day the administrator in my department was organising a project to electronically sign all documents. Thats how they describe it anyway. They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.
  
  --
  http://michaelsmith.id.au
4. Re:It's not the user's fault by WrongSizeGlass · 2011-04-16 23:09 · Score: 2
  
  Um, this was a PDF so Adobe was involved. Adobe has shown on countless occasions that they have no idea what security is or should be. I'm surprised they didn't offer to remove the 'black' for them if they bought the 'Redact the Redactions' plugin for a mere $199.95.
5. Re:It's not the user's fault by WrongSizeGlass · 2011-04-16 23:12 · Score: 5, Funny
  
  Does this mean anyone who wants to sign a document as, say, the administrator of your department can use his signature with a simple copy & paste? If so you should issue a memo, "signed" by the administrator, announcing the cancelation of the "electronic signature project". ;-)
6. Re:It's not the user's fault by JustOK · 2011-04-16 23:34 · Score: 2
  
  Make up one for Venus de Milo
  
  --
  rewriting history since 2109
7. Re:It's not the user's fault by TubeSteak · 2011-04-16 23:49 · Score: 5, Informative
  
  They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.
  This is modded +5 funny, but it is tragically common in the medical and professional world.
  A lot of doctor's offices are printing out pre-signed perscriptions on 8x11 instead of hand writing/signing on perscription pads whose paper has security features.
  
  --
  [Fuck Beta]
  o0t!
Better BBC link by Anonymous Coward · 2011-04-16 22:26 · Score: 2, Informative

The Daily Star doesn't cost very much in the UK because they don't need to pay for clothes for some of the models.
Here's the BBC link: http://www.bbc.co.uk/news/uk-13107413.
Apparently something to do with blacking out parts of a report but the text still being there when you paste it into another document.
Re:Avoid the Tsunamis by MichaelSmith · 2011-04-16 22:42 · Score: 4, Funny

Not if they are full of leaks.

--
http://michaelsmith.id.au
WYSWYG mindset strikes again by introcept · 2011-04-16 23:01 · Score: 3, Insightful

The problem is using programs that advertise themselves as WYSWYG editors when in fact they're not.
Now it's unreasonable to expect the every computer-literate but non-expert user to understand the data format, encoding and specific behaviour of every document editor. The blame here rests solely on the management that should have trained users how to manipulate sensitive documents using approved tools.
RTFD by Anonymous Coward · 2011-04-16 23:07 · Score: 4, Informative

Have you actually LOOKED at the document?
Its original classification was "RESTRICTED - UK EYES ONLY" which is basically a rather quaint old fashioned form of "UK RESTRICTED".
RESTRICTED is the lowest level that requires any special handling to speak of. We would tend to assume that foreign intelligence agencies already have everything that is RESTRICTED.
CONFIDENTIAL is the lowest level at which any serious effort is taken to prevent FISs getting hold of the information, and then exponentially more protective measures are taken as one moves through SECRET and TOP SECRET.
So whilst embarrassing, it doesn't contain anything that any halfway competent FIS would not have already been aware.
Move on, nothing to see here....
Re:hahaha by PhunkySchtuff · 2011-04-16 23:31 · Score: 5, Informative

It absolutely boggles my mind that this can still happen.
Adobe specifically have put in a redaction feature into Acrobat Pro just to do this, and it couldn't be easier to use.
You select the redaction tool and drag your mouse over the text to redact. Select as many pieces of text as you want, they're hilighted while you're doing it so you can see what you're doing.
Then, when you're done, click the Apply Redactions button and it's done.
Not only is the text on the page redacted, but any metadata (and there's often quite a bit in your average PDF) that could potentially leak important information is removed too. You now have a PDF that's safe to distribute and I'd wager that it's actually easier to do it this way than it would be to draw black rectangles over everything you want to hide.

--
Specialist Mac support for creative pros, Melbourne
Re:hahaha by MightyYar · 2011-04-17 00:01 · Score: 2

Or perhaps
Step 1 ) Remove sensitive information
Hasn't this bitten people in the past when they shared a Word document that had quick save enabled or something like that?

--
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Re:hahaha by frozentier · 2011-04-17 00:04 · Score: 2

Or perhaps Step 1 ) Remove sensitive information
Exactly. Why the hell would you put ANYTHING sensitive like that on any computer connected to the internet?
Importance of sub warefare against Taliban by edxwelch · 2011-04-17 00:40 · Score: 2, Funny

I think these nuclear subs are well worth the expense. How else will Britain deal with Taliban aircraft carriers?
Re:Sure... by OeLeWaPpErKe · 2011-04-17 01:04 · Score: 2

And a highschool chemistry lab probably contains all you need to read exactly what was under the blacked out portions of a "real" document too. If they used those thick pens to black out printed ink (e.g. laserprinter ink), all you need is some alcohol. Of course, in the general case, it requires a bit of knowledge.
But If you're lucky with the paper type, all you need is a lightbulb.
Laserprinter ink can be made to perform an especially cool trick, saving a lot of time. For at least 48 hours after printing the ink will still attract other pieces of metal (not big ones, obviously). So no matter how well it's blacked out, metal filings can easily reveal whatever was printed. Just drop em on the paper and shake it a little bit.