US Military Leaks its Secrets Online

Posted by samzenpus on Wed Jul 11, 2007 07:38 PM
from the check-out-the-cia-myspace-page dept.
athloi writes "Detailed schematics of a military detainee holding facility in southern Iraq, geographical surveys and aerial photographs of two military airfields outside Baghdad and plans for a new fuel farm at Bagram Air Base in Afghanistan are among the items accidentally left online by government agencies and contractors."
This discussion has been archived. No new comments can be posted.
  • by devilradish (637660) on Wednesday July 11 2007, @07:41PM (#19832935)
    see this is what I like, I'm fine with the government invading privacy just as long as they don't get to have any either.
    • Re:How egalitarian (Score:5, Interesting)

      by Elemenope (905108) on Wednesday July 11 2007, @07:59PM (#19833069)

      I'm fine with the government invading privacy just as long as they don't get to have any either.

      I'm not, but it is still vaguely funny. Funny in the sense that the military, which is even more obsessed with controlling information than the famously obsessed Federal Government (of which it is a prominent member), could make a mistake this stupid. Not funny in the sense that often (though not always), military secrets are secrets for good strategic or tactical reasons, and our military is at least nominally on our side. (It's like rooting for the home team. ;) )

      Privacy isn't supposed to be a two-way street between a citizen and their government; symmetry of relation is inappropriate. Governments by definition are in service to the public, and act on behalf of that public; thus, there are precious few acceptable reasons why any corporeal manifestation of that government can assert a reason to keep its actions from those whom it serves, whereas a private citizen is private until and unless it gives ample reason for a public agency to believe they are doing something illegally naughty. The names almost give it away. Public Government. Private Citizen.

      As a citizen, I don't want my government thinking it is in some egalitarian relationship with me and my fellow citizens. The government ought to consider itself subordinate to its citizens.

      And I know this is taking your joke and dragging it unkindly into unfunny territory, but the 'you show me yours, I'll show you mine' meme is, I think, destructive to any defensible notion of privacy.

      • I'll root for the home team the day they get a competent coach who knows something about basic tactics and the proper use of overwhelming force, as well as how to budget properly.
        • Re: (Score:3, Insightful)

          Well, the other reason I root for the home team is I am acquainted with a few of the players, and sometimes when they lose, they die. I don't want them to die, hence, I want them to win, or at least to stop playing and go home.

          • Interesting position. I am also acquainted with some of the home team's players, but don't root for them. They've got better equipment and a much bigger team than the other side, and the other team's nonparticipating fans have been dying much faster than the home team's players. Though I'm not personally acquainted with any of said fans, I can't support killing them.
            • Re: (Score:3, Interesting)

              Point. That's why the option I *personally* favor is 'stop playing and go home'. Means both teams get to go home to play another day. But so long as they are playing...

              What was that sound? That sound was the spirit of a sports metaphor dying in agony. ;)

                  • by undeaf (974710) on Thursday July 12 2007, @12:44AM (#19834901)

                    what is this sun of which you speak?
                    Okay, how do I explain it in an easy to understand way. The sun is like a huge server that uploads Vitamin D to you. However, we're constantly told scare stories about how we'll accidentally download skin cancer from it, to sell antiviolet products. Unless you live near the equator, you can't get very good access to it except in the summer.
      • The other option is that there are not enough staff to keep private contractors in line.
      • Re:How egalitarian (Score:5, Insightful)

        by Anonymous Coward on Wednesday July 11 2007, @09:45PM (#19833899)
        This is a pretty misleading headline. U.S. Military? These are government contractors, civilians that do not have a clue about IT security and have not even considered what their actions can result in! This really bothers me because for the most part, your military is a cross section of society, coming from all different parts of our culture. When these stupid civilians put lives at risk, possibly mine, I would like to put them on the gate of any compromised base. I bet they would take security much more to heart. Their actions all boil down to a company that wants to make a buck by showing what a great fing job they are doing to fight the war.

        As an active duty Marine, I completely agree with your statements on privacy, I appreciate what little privacy I enjoy and your right to privacy is one of the reasons I have served for 20+ years. I do however take issue with your comparing this instance with our current administration and congress and the military. Politicians are the government that you refer to, not those of us on the ground that are carrying out the fight. Most of us hate the politicians worse than any normal citizen, we fight, bleed etc, they get elected or re-elected based on the B.S. they can sell to the American public. There is not one single politician that has any integrity that I know of.

        Heck, this administration forced me to not be a republican anymore and I will never be a democrat. They all are liars.
        • That the reality departs from the ideal should not be a reason to abandon the ideal or give up striving for its achievement. There have been rare moments in historical governance (both in the US and elsewhere) where a government and its constituent politicians acted in service to its people rather than to itself. To make such events the rule instead of the exception should be the goal of any people. That it is the exception simply means you and I have to work harder, but the fact that it occasionally hap

            • Re: (Score:3, Insightful)

              Way to ignore most of the sentence. Let's review:

              In framing a government which is to be administered by men over men...

              In other words, governments must be composed of human beings...

              the great difficulty lies in this: you must first enable the government to control the governed...

              Humans without some enforced public order are brutish and generally nasty. The establishment and maintenance of public peace is what the Founding Fathers (tm) meant by 'control', not manipulation, either crass or subtle,

  • by SoapBox17 (1020345) on Wednesday July 11 2007, @07:53PM (#19833023) Homepage
    Before anyone cries foul...

    From TFA:

    "None of the drawings are classified and we believe they were all handled appropriately per the government's direction," said CH2M Hill spokesman John Corsi. But the company added a password protection to its FTP site after the AP's inquiry and referred the direct request for the documents to the government.
    The DOD has a special category of Unclassified documents called "For Official Use Only" (FOUO) which prevents the information from being released to the public under the FOIA. This information was not classified, but was not supposed to be released.
    • Freeman, who showed the AP the documents from Sandia and the Space and Naval Warfare Systems Command, said he made a conscious effort to avoid information labeled classified but still managed to accidentally download files from Sandia with "top secret" classifications, forcing him to wipe his computer hard drive clean and notify authorities.

      Now, top secret is not supposed to be anywhere near the internet, so it could be disinformation, but I kind of think that this was a real error in handling classified material because it happens. People put things on laptops that shouldn't be there for example. So, what the AP found was unclassified, but that does not mean that classified material has not been treated this way, and the article does point this out.
      --
      Solar power in the wild: http://mdsolar.blogspot.com/2007/01/slashdot-users -selling-solar. [blogspot.com]

    • Re: (Score:3, Interesting)

      What's interesting is that after spending a good 10 or 15 years with a TS security clearance, I can do the odd 'search' and find an astonishing amount of information put on line by both the military and contractors, the kind of information that would generally land a person in the trade in some rather deep hot water. (or jail) 3 letter agencies don't really have an employment stream for people to sit on google all day looking for in house classified documents. It usually takes a bit of digging by a reporter
    • This information was not classified, but was not supposed to be released.
      Is that like being ugly but having a beautiful soul?
    • Re: (Score:3, Informative)

      But the company added a password protection to its FTP site after the AP's inquiry

      I hope they realize that FTP does not encrypt the transport, and thus the password, and that this is only marginally better than no password at all until they bother with encrypting the underlying connection (port forwarding 21 or whatever port they are using through an SSH tunnel for example).
      • by jank1887 (815982) on Wednesday July 11 2007, @09:41PM (#19833867)
        FOUO is specifically designated to NOT be used as a way of keeping Unclass info away from FOIA inquiries. It's for things that aren't government secrets, but shouldn't be shared with the general public. You would likely agree with many of these. Examples:

        Privacy Information, Social security numbers, medical, etc.
        Company Trade Secrets
        Legal documents, law enforcement documents, with limits
        And there are others, some discretionary. Full definition in Chapter 4 here (~100 page PDF):
        http://www.dtra.mil/documents/be/5400.7-R.pdf [dtra.mil] BUT, from Chapter 4:

        C4.1.1. General. Information that has not been given a security classification pursuant to the criteria of an Executive Order, but which may be withheld from the public because disclosure would cause a foreseeable harm to an interest protected by one or more FOIA Exemptions 2 through 9 (see Chapter C3.) shall be considered as being for official use only (FOUO). No other material shall be considered FOUO and FOUO is not authorized as an anemic form of classification to protect national security interests.

  • This is just another example of how Michael Bay's Transformers movie is completely ridiculous. Megatron wouldn't have had to send his Decepticons to break into the government's computers to steal the location of the all-spark.

    As we can see, the DOD would likely have just left that information open, available over the web.
    • They put the information in a movie so that we wouldn't believe it was true! Just like the Matrix...
    • I guess they should have used a search engine and looked on Ebay....
    • This is just another example of how Michael Bay's Transformers movie is completely ridiculous. Megatron wouldn't have had to send his Decepticons to break into the government's computers to steal the location of the all-spark. As we can see, the DOD would likely have just left that information open, available over the web.


      Funny thing is that Optimus Prime claimed to have learned how to speak our languages on "the World Wide Web", but he didn't once use any l337 speak.
  • "Accidentally"?? (Score:5, Interesting)

    by iminplaya (723125) <iminplaya@gBOYSENmail.com minus berry> on Wednesday July 11 2007, @07:59PM (#19833059) Journal
    Please! So those were the "real" plans, huh? Nod Nod Wink Wink..
    • You never can tell where the lie ends and the truth starts.

    • The actual buildings won't look anything like the plans, due to 'cutting of corners' that is endemic in Middle Eastern construction. So instead of a rectangular jail with 1000 rectangular cells, there will be a roughly circular construction, much smaller than planned, with a few large and somewhat rounded out rooms. This is why mosques always have rounded domes. That is the ultimate example of corner cutting...
  • Keeping secrets (Score:4, Insightful)

    by Aminion (896851) on Wednesday July 11 2007, @07:59PM (#19833067)
    And somehow, these people manage to keep secrets about aliens, JFK, weapon programs, etc.? ;)
    • Re: (Score:3, Insightful)

      They still have some people believing Saddam had WMDs, so I do not see a JFK/Alien/Roswell/Moonwalk cover up out of their reach. :P
        • Re: (Score:3, Insightful)

          The world witnessed Saddam use his WMD against the Iranians and Kurds on multiple occasions. This takes the notion that he had WMD out of the "belief" realm and plants it solidly in the "proven fact" category.

          We didn't claim to invade for weapons he had in the 1980s (when he was an ally and we were PROVIDING him weapons and technical expertise). We claimed he had WMDs in the year 2003 and was refusing to get rid of them *in 2003*. Please, stop trying to move the goalposts to make yourself feel better abou

    • Re: (Score:2, Funny)

      by Anonymous Coward
      See, it's all about the master conspiracy. By leaking unimportant information that only some measly civilians and combatants need to be safe, they distract us from the important matters, like alien JFKs programmed to be weapons.
  • US Military Leaks its Secrets Online

    In other news, water is wet!
  • I have no problem believing that there are countless incompetent people within both our government and military, but they are both run in manners that should prevent mistakes like this from happening. It's my guess that these documents were intended to be 'leaked' and that it's no real threat to us to have anyone aware of them. I don't see something like this being an accident at all. It's probably more a strategic move than a mistake.
    • I kind of thought it seemed like a good way to accidentally leak bogus information to confuse the "other side" too. I mean how stupid can you be to put sensitive information out on an anonymous ftp server? I definitely would never even think of putting anything like that on an ftp unless the ftp at least required a password (and even then I would think about who all already has or can get access to that ftp). It seems like security 101 to me. Who cares if the ftp is not indexed? That is like saying it is
    • It's my guess that these documents were intended to be 'leaked'

      Your conspiracy theory requires a greater degree of competence than is currently being displayed. Be careful with your credulity. At the far end of this scale there are those that think some elite mob of US spooks engineered 9/11 because only an omnipotent government can defeat itself.

      With corruption, nepotism and political appointees you will not always get people competent enough to do the job. It's not just the head of FEMA there are small

    • Here's an exercise for you:

      1. Drive around Arlington, VA (where the Pentagon is) and observe all the buildings with the names of defense contractors on them.

      2. Say to yourself, "Everyone in all of these buildings understands that when they upload a file to the company server, it is available to anyone around the world."

      3. Reflect.
  • I find it a bit sad that such things keep on happening all the time (not only to the DOD).

    I do realize that, while everyone agrees that "security" is a good thing, it often gets treated lazily for the sake of usability. Even though I think that giving "normal" (i.e. non-system administrator) users the right to just "put things on the server" (likely via FTP or Windows Shares) is just utterly stupid in any context where some sort of security is required. Things will go wrong because people just don't realize
    • Re: (Score:3, Insightful)

      Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'? Or attaching this kind of security information to files or other objects? I know that this is a major topic of research in computer science, but have never seen it in real use.

      I work in a class environment. I'll try to answer this.

      Why should the OS care? Who is going to build

      • Implementations of Multilevel Security [wikipedia.org] exist, but they are not easy to use and are expensive to develop and operate. This is why systems processing different classification levels are on separate (air-gapped) networks. Off-the-shelf hardware and software can be used with physical security measures preventing information compromises. [Of course, an ID10T sneaker-netting data between the security domains is always a potential problem. The weak point is always people...]

        The implementation is

  • by digitalderbs (718388) on Wednesday July 11 2007, @08:15PM (#19833209)
    "The posting of private material on publicly available FTP servers"

    $ ftp ftp.usmilitary.com
    220 FTP server (SunOS 4.1) ready.
    Name (ftp.usmilitary.com): guest
    331 Guest login ok, send ident as password.
    Password: guest@guest.com
    ftp>


    Thankfully, they caught on and learned their lesson: "the SRA anonymous ftp server has been shutdown indefinitely. In the coming months, a new secure ftp site will be introduced that will replace the functionality of this site."

    $ sftp guest@sftp.usmilitary.com
    Connecting to sftp.usmilitary.com...
    Password: guest@guest.com
    sftp>
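
Added example (not part of the original thread or of any poster's comment): a small Python audit of FTP control-channel transcripts that flags the two weaknesses raised in the comments above, a login completed without `AUTH TLS` (so the password crosses the network in cleartext) and a login accepted for a well-known public account. The transcripts, the `C:`/`S:` line format and the finding names are constructed for illustration.

```python
import re

# Account names treated as public: "anonymous" and "ftp" are the conventional
# anonymous-FTP logins; "guest" is the one used in the session quoted above.
ANON_NAMES = {"anonymous", "ftp", "guest"}
REPLY = re.compile(r"^(\d{3})([ -])")  # reply code, then " " (final) or "-" (continues)

# Constructed transcripts: "C:" is a client command, "S:" a server reply.
ANON_CLEARTEXT = """\
S: 220 FTP server ready.
C: USER guest
S: 331 Guest login ok, send ident as password.
C: PASS guest@example.com
S: 230-Welcome.
S: 230 Guest login ok.
"""
PASSWORD_CLEARTEXT = """\
S: 220 FTP server ready.
C: USER alice
S: 331 Password required.
C: PASS constructed-secret
S: 230 User logged in.
"""
ANON_OVER_TLS = """\
S: 220 FTP server ready.
C: AUTH TLS
S: 234 Proceed with negotiation.
C: USER guest
S: 331 Password required.
C: PASS guest@example.com
S: 230 User logged in.
"""
TLS_NAMED_USER = ANON_OVER_TLS.replace("guest", "alice")


def audit(transcript):
    """Return a sorted list of findings for one control-channel transcript."""
    findings = set()
    tls = False           # True once the server has accepted AUTH TLS (reply 234)
    auth_pending = False  # an AUTH command is waiting for its reply
    user = None           # name from the most recent USER command
    for raw in transcript.splitlines():
        side, _, text = raw.partition(":")
        text = text.strip()
        if side == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "AUTH":
                auth_pending = True
            elif verb.upper() == "USER":
                user = arg.strip()
        elif side == "S":
            m = REPLY.match(text)
            if not m or m.group(2) == "-":
                continue  # not a reply line, or a multi-line reply still continuing
            code = int(m.group(1))
            if auth_pending:
                tls, auth_pending = (code == 234), False
            elif code == 230 and user is not None:  # 230 = login succeeded
                if user.lower() in ANON_NAMES:
                    findings.add("anonymous-login-accepted")
                if not tls:
                    findings.add("login-without-tls")
                user = None
    return sorted(findings)
```

The `ANON_OVER_TLS` case still yields `anonymous-login-accepted`: encrypting the channel does nothing for a credential everyone already knows.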
    • by Rearden82 (923468) on Wednesday July 11 2007, @09:18PM (#19833683)
      That's much more "Insightful" than "Funny".

      I had the unfortunate experience of dealing with a government agency whose website was hacked. After a month-long "security audit", their in-house security experts devised a comprehensive plan to lock down their server and prevent it from ever being compromised again.

      The solution, in its entirety, was to turn http://www.dumbass.agency.gov into the new, "secure" https://www.dumbass.agency.gov.

      I wish I was kidding.
  • by statemachine (840641) on Wednesday July 11 2007, @08:24PM (#19833273)

    A spokeswoman for contractor SRA International Inc., where the AP found a document the Defense Department said could let hackers access military computer networks, said the company wasn't concerned because the unclassified file was on an FTP site that's not indexed by Internet search engines. "The only way you could find it is by an awful lot of investigation," said SRA spokeswoman Laura Luke.

    Gopher... No one looks there!
  • such stuff doesn't get just "forgotten" - military is not a place that permits human errors to happen frequently, like the stuff that was coming up about the prison tortures and so on, and a year or so later more, and now this.

    i bet the army left them to leak in order to put more pressure on bush adm, with whom they are constantly in bickering and dislike.
  • by bl8n8r (649187) on Wednesday July 11 2007, @08:34PM (#19833335)
    > the SRA anonymous ftp server has been shutdown indefinitely

    Anonymous?... FTP? They may as well have put them on BitTorrent and named them britneys_boobies.zip
  • So much for our plans of getting our troops out any time soon. Unless this 'leak' was intended to foil such attempts of creating a new base, and actually result in getting our troops home quicker.
  • by RexRhino (769423) on Wednesday July 11 2007, @10:19PM (#19834095)
    The military accidentally leaks valuable information, and the military intentionally "leaks" disinformation. It is not an either/or thing.

    "Leaking" disinformation would be useless if the military didn't actually leak real information. And if you do accidentally leak real information, it only makes sense to also release disinformation to create uncertainty.

    But there is probably no way that laymen like most of us here can determine if this is fake or real simply from the information in the article.