Slashdot Mirror

← Back to Stories (view on slashdot.org)

MoD's Error Leaks Secrets of UK Nuclear Submarine

Posted by timothy on from the captain-ramius-did-have-a-scottish-brogue dept.

Tasha26 writes "UK's Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake. A 'technical error' (i.e. turning the background colour of certain text to black) meant that sensitive blacked-out parts of the online MoD report could be read by anyone who copy-pasted it into another document. This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub, and details of measures used by the US Navy to protect its own nuclear submarines."

25 of 248 comments (clear)

  1. People Are Stupid by Anonymous Coward · · Score: 5, Insightful

    Why are the people who control dangerous things always so stupid?

    Simple: The vast majority of people are stupid.

    1. Re:People Are Stupid by Kilrah_il · · Score: 4, Insightful

      Actually, 50% of the people have below-average intelligence (assuming a Gaussian distribution), which is a far cry from a "vast majority". It's just that here on /. the average intelligence is above that of the general population (yea, I know), so we tend to look down on all the "others".
      Using background color to black-out sensitive material may seem stupid to us on /., but it is understandable that someone who doesn't know much about computers will think it is secure, esp. since the final PDF file is uneditable. The question is why someone with, obviously, minimal computer skills is given such an important task?

      --
      Whenever in an argument, remember this.
    2. Re:People Are Stupid by u38cg · · Score: 4, Interesting

      Since there is no one way to measure intelligence, it's not really possible to say whether intelligence distribution is Gaussian (or anything else). IQ scores, however, are co-erced to a Gaussian distribution, one of the things that has always made me deeply suspicious of them. It is very clear that the natural distribution is *much* fatter tailed to the right than the Gaussian.

      --
      [FUCK BETA]
    3. Re:People Are Stupid by Anonymous Coward · · Score: 3, Funny

      And some of the bellow average people apparently don't understand the difference between average, mean and median.

      YOU CAN SAY THAT AGAIN!

  2. Re:hahaha by RoFLKOPTr · · Score: 3, Insightful

    Or perhaps
    Step 1 ) Remove sensitive information

  3. Fukushima-style? by neokushan · · Score: 5, Insightful

    "This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub"

    Is that it, now? Is every single thing to do with nuclear reactors going to be compared to Fukushima from now on? What about if terrorists wanted to create a Chernobyl-style meltdown, or how about a three-mile-island-style meltdown?
    No really, it's fine, I don't mind throwing random keywords in there to grab extra attention when it's completely unnecessary.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    1. Re:Fukushima-style? by Kilrah_il · · Score: 5, Insightful

      Fukushima is the Library of Congress of nuclear meltdowns. Just as 9/11 is the LoC of terror attacks. People love relative terms; nobody understands a 10^9 becquerel of radiation.

      --
      Whenever in an argument, remember this.
    2. Re:Fukushima-style? by Kronotross · · Score: 5, Funny

      Obviously they meant that it reveals how easy it would be to hit the submarine with a tidal wave after it experiences a ~9.0 earthquake, thus disconnecting its power from the energy grid it relies on to cool its core.

    3. Re:Fukushima-style? by TheSync · · Score: 5, Insightful

      Fukushima meltdown means your backup cooling method goes out after a scram (and tsunami), and you are basically screwed. This requires a failure of imagination about worst possible scenarios combined with a bad plant location.

      Chernobyl explosion is a criticality accident. This requires a really high level of ignorant stupidity or purposeful attack.

      Three Mile Island meltdown is that you don't realize a valve is open and your core water boils away. This requires a level of stupidity in human/machine interaction.

    4. Re:Fukushima-style? by thegarbz · · Score: 4, Insightful

      The vast majority don't understand "Fukushima-style" radiation either ;-)

  4. Junior Member? by Kilrah_il · · Score: 4, Insightful

    From the article:

    The senior technology consultant at web safety firm Sophos said: “It’s a staggeringly stupid thing to do. Anyone with even an elementary knowledge of computing would know how to read it. I can only assume they gave it to a junior member of staff to deal with.

    On the contrary, a junior member probably would have had some computer know-how. They probably gave it to some old-timer who knows nothing about computers (apologies to all /. {1,2,3} UIDs; I am talking about mere mortals, and I will be sure to get off your lawn) and he just thought that if he changes the background, the words will remain blacked-out forever.

    Oh, and BTW, what's with the last sentence?

    Two weeks ago two officers were shot – one fatally – on HMS Astute, when it was docked in Southampton. Sailor Ryan Donovan, 23, has been charged with murder.

    I don't see how it is related to the article, except in regards of it talking about one of Britain's submarines. Talk about tangentiality.

    --
    Whenever in an argument, remember this.
  5. Daily Star? by neokushan · · Score: 4, Informative

    On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.

    Have a look at the website, the topics along the top, they've got an entire section dedicated to "Babes" and what's more the bottom of the article has the words "More 'News' Here". That's right, not even the website itself genuinely believes that it has real news there, instead opting to put the term in quotes.

    Seriously...the daily star? Is this what slashdot has come to?

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    1. Re:Daily Star? by PolygamousRanchKid+ · · Score: 5, Insightful

      The newspaper is most famous for its page-3 topless girls

      Which is something that Slashdot could use more of! Forget, "OMG! Ponies!" How about next April 1st, we see a page-3 topless girls Slashdot site. Sure should be more interesting than all of those other April 1st articles . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    2. Re:Daily Star? by Alain+Williams · · Score: 3, Informative

      On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.

      So what if they have pictures of totty in their pages, that is not what is being linked to. The Daily Star do not seem to have made the story up, the write up seems as good as you get anywhere else. It appears that the Daily Star alterted the MOD about their stupidity so they are the origin of the story & deserve credit for that.

      If you are such an intellectual snob that you won't read the Daily Star, here is the story on the BBC.

  6. the actual news by johnjones · · Score: 4, Informative

    DO NOT look at the Star newspaper it's like looking at the national inquirer....

    the people who broke the news where UK channel 4

    see this link for the story

    http://www.channel4.com/news/britains-nuclear-subs-potentially-vulnerable-to-accidents

    the document seems flattened but is here
    http://robedwards.typepad.com/files/declassified-report-to-mod-defence-board.pdf/a

    anyone actually able to copy and paste from it ?

    why does the MOD use microsoft word for these type of things is beyond me...

    regards

    John Jones

    p.s. do you think china et. al. have the same problems...

  7. It's not the user's fault by purplie · · Score: 4, Insightful

    Most users are non-technical. This is an old issue and it's not excusable that the application didn't give a warning.

    1. Re:It's not the user's fault by TheRaven64 · · Score: 3, Insightful

      How would the application know? The user is just drawing a black rectangle, or changing the background colour of the text. Deleting data from a PDF is easy - it's all stored as a dictionary of objects, and it's trivial to replace an object with a different one (you can do it in a text editor, and vim will even syntax highlight the PDF markup for you) - but if you use a drawing tool instead of a redaction tool in a graphical editor then that's user error. The user fundamentally needs to know the difference between adding information to a document and removing information. A tool that warns a user whenever they draw a rectangle that they're not redacting data would be insanely irritating.

      --
      I am TheRaven on Soylent News
    2. Re:It's not the user's fault by Alain+Williams · · Score: 3, Insightful

      Most users are non-technical.

      Management should ensure that those should be properly trained to do their job. Those responsible for putting stuff on web sites (or where ever) should know what they are doing. Would it be acceptable to say ''he blew up the nuclear sub because he didn't know how to manage the reactor'' ?

      This is an old issue and it's not excusable that the application didn't give a warning.

      The application was probably instructed to turn the background black, it was probably not instructed to make certain text unreadable.

      This is a management issue but, as ever, I can see them just blaming some muppet at the bottom of the pile.

    3. Re:It's not the user's fault by MichaelSmith · · Score: 5, Funny

      The other day the administrator in my department was organising a project to electronically sign all documents. Thats how they describe it anyway. They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.

      --
      http://michaelsmith.id.au
    4. Re:It's not the user's fault by WrongSizeGlass · · Score: 5, Funny

      Does this mean anyone who wants to sign a document as, say, the administrator of your department can use his signature with a simple copy & paste? If so you should issue a memo, "signed" by the administrator, announcing the cancelation of the "electronic signature project". ;-)

    5. Re:It's not the user's fault by TubeSteak · · Score: 5, Informative

      They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.

      This is modded +5 funny, but it is tragically common in the medical and professional world.
      A lot of doctor's offices are printing out pre-signed perscriptions on 8x11 instead of hand writing/signing on perscription pads whose paper has security features.

      --
      [Fuck Beta]
      o0t!
  8. Re:Avoid the Tsunamis by MichaelSmith · · Score: 4, Funny

    Not if they are full of leaks.

    --
    http://michaelsmith.id.au
  9. WYSWYG mindset strikes again by introcept · · Score: 3, Insightful

    The problem is using programs that advertise themselves as WYSWYG editors when in fact they're not.

    Now it's unreasonable to expect the every computer-literate but non-expert user to understand the data format, encoding and specific behaviour of every document editor. The blame here rests solely on the management that should have trained users how to manipulate sensitive documents using approved tools.

  10. RTFD by Anonymous Coward · · Score: 4, Informative

    Have you actually LOOKED at the document?

    Its original classification was "RESTRICTED - UK EYES ONLY" which is basically a rather quaint old fashioned form of "UK RESTRICTED".

    RESTRICTED is the lowest level that requires any special handling to speak of. We would tend to assume that foreign intelligence agencies already have everything that is RESTRICTED.

    CONFIDENTIAL is the lowest level at which any serious effort is taken to prevent FISs getting hold of the information, and then exponentially more protective measures are taken as one moves through SECRET and TOP SECRET.

    So whilst embarrassing, it doesn't contain anything that any halfway competent FIS would not have already been aware.

    Move on, nothing to see here....

  11. Re:hahaha by PhunkySchtuff · · Score: 5, Informative

    It absolutely boggles my mind that this can still happen.

    Adobe specifically have put in a redaction feature into Acrobat Pro just to do this, and it couldn't be easier to use.

    You select the redaction tool and drag your mouse over the text to redact. Select as many pieces of text as you want, they're hilighted while you're doing it so you can see what you're doing.

    Then, when you're done, click the Apply Redactions button and it's done.

    Not only is the text on the page redacted, but any metadata (and there's often quite a bit in your average PDF) that could potentially leak important information is removed too. You now have a PDF that's safe to distribute and I'd wager that it's actually easier to do it this way than it would be to draw black rectangles over everything you want to hide.

    --
    Specialist Mac support for creative pros, Melbourne