US Army Files Found On Second-Hand MP3 Player 184
MichaelSmith writes "A New Zealand man who bought a second hand MP3 player from a store in the US found it loaded with the names and personal details of American soldiers, as well as a mission briefing and information about equipment.
Chris Ogle says he will return the unit to the US Defense Department if asked, and that it never worked as a music player anyway.
A
slightly different version of the story is available from TVNZ."
Do it Chris Ogle! (Score:3, Funny)
They will also be able to conveniently download the contents on Wikileaks.org in 4.. 3.. 2.. 1..
Re:Do it Chris Ogle! (Score:5, Funny)
in 4.. 3.. 2.. 1..
NOBODY expects the Spanish Inquisition! Amongst our weaponry are such diverse elements as: fear, surprise, ruthless efficiency, , and nice red uniforms!
Re:Do it Chris Ogle! (Score:4, Funny)
Splitters!
Re: (Score:2, Funny)
Bloody hell, we'll come in again...
Re: (Score:3, Insightful)
Re:Do it Chris Ogle! (Score:4, Funny)
We don't get Monty Python references, and you expect us to get a Bob Dylan one?
And the previous owner was? (Score:5, Insightful)
The Army should ask for the return of the MP3 player (and pay for it), find out who put the files on it, and punish them. I don't expect that to happen.
Comment removed (Score:5, Insightful)
Re: (Score:3, Interesting)
Although I guess I'm not sure that announcing this to the news was "the right thing."
Re:And the previous owner was? (Score:5, Insightful)
I'm not sure that announcing this to the news was "the right thing."
I think it was. Divulging the specific contents of the device might be inappropriate, but letting the world know about a screwup like this is most certainly "the right thing."
Re:And the previous owner was? (Score:5, Interesting)
Unfortunately, "doing the right thing" does not protect one from bureaucrats. When someone in a suit wants someone punished, they will find a target, even if it happens to be the person who did "the right thing." My favourite example of this was a woman who worked for a mid-sized company as an accountant. She noticed something questionable on the books and reported it to her boss. Her boss told her to ignore it and proceed. She knew that her boss was dodging the IRS and, not wanting to be a party to tax evasion, she reported the company to the IRS and quit. The IRS began an investigation and found, sure enough, the company was illegally avoiding paying taxes. The company, of course, used every method to dodge the IRS. The IRS, having lost their obvious target, decided to use a different tactic and elected to go after the accountant who was working for the company at the time the questionable events took place.
The woman who reported the situation to them.
The IRS ceased her home and garnished her wages (from her new job) to pay off the outstanding taxes. Doing the right thing resulted in this woman being screwed, to say the least.
Yes, this is an extreme example and it's also an example of the old IRS (they've apparently had their power to abuse people reduced since then - this story took place ten or 15 years ago, iirc). But, it is still an example of someone doing the right thing yet still being turned into a target so that someone in a suit can punish _someone_.
Re: (Score:3, Interesting)
Re: (Score:2, Interesting)
Re: (Score:2)
It was a friend of a friend!
It's like a crackhead calling 911 to report their stash got stolen. What do you expect will happen?
Re: (Score:3, Insightful)
If it happened that long ago it may very well be true. Many people don't realize, not so many years ago, the IRS had more power than the CIA or FBI and that changed only after significant IRS reform. IIRC, that changed under the Clinton Administration.
Literally, not many years ago, if the IRS randomly decided you owed money, they would come in, seize all your accounts and assets. You would literal come home from work to find your crying family on the curb and your house boarded up. On arrival, your car woul
Re: (Score:2)
Re: (Score:2)
Yes, because everything, everywhere, is happening on the interwebs.
Doesn't have to be a web link. I'd settle for a newspaper reference, or ANYTHING that can be referenced aside from an "I heard about it one time from a buddy's sister's cousin" type account. As it is the whole story sounds very suspect. It very much has the sound of something that I'd expect to find debunked on Snopes.
Re: (Score:3, Funny)
That usage sounds weird to this European - like I'd end up with a sprig of rosemary and a bit of orange peel in my pay packet, or something.
Re: (Score:2)
Re: (Score:2)
That's a difficult situation to assess without seeing the actual books. What if she *was* the person who was making a mess of things: she, the accountant, was cooking the books, and claimed her boss was the one doing it when she called him in to the IRS? Consider the movie "The Shawshank Redemption".
There are plenty of cases where the whistleblower is unjustly persecuted for pointing out problems, but there are also some where whistleblowing is a tactic to disguise malfeasance on the part of the whistlebl
Re: (Score:3, Informative)
I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing.
Not punish, as such, no. But he has had access to information that the US didn't want him to have. I would imagine red flags will be popping up next to his name for quite a long time: he should be very very circumspect if he ever has to go through US immigration, for the foreseeable future.
Although I guess I'm not sure that announcing this to the news was "the right thing."
He gave a copy of the files to the local news, according to the TVNZ article.
Re:And the previous owner was? (Score:5, Interesting)
Re: (Score:2)
The files on it probably weren't classified or particularly sensitive
I'd say names coupled with locations and mission briefings were pretty sensitive, wouldn't you? I don't expect there were any missile launch codes on the player, but still - these pieces of information could have been used for the wrong purpose and could potentially have done harm.
Re:And the previous owner was? (Score:4, Interesting)
It works like this:
1. Spy fills MP3 player with classified information.
2. Spy drops off MP3 player at local second hand shop.
3. Handler buys MP3 player.
4. Profit!
Re:And the previous owner was? (Score:5, Insightful)
Re: (Score:2)
There are a few 'pawn shops' out there that specialize in having a bad memory. While the woods does avoid a certain third party, the 'pawn shop' has the advantage of covering a big crime up by making it look like a believable petty crime.
Odds are it is a petty crime, but it's worth looking in to anyway.
Re: (Score:2)
Wouldn't it be easier to just hide it somewhere (out in the woods for instance) instead of involving a third person who could potentially id both of you if the army comes looking?
To be fair, a third person could stumble upon it no matter where it's hidden. If there is a stream of stuff at second hand stores near military bases, as the GGP posted, they might think it's more inconspicuous than taking trips to the woods, etc.
.mp3 extension. I don't know how spies work, but it's still plausible.
To be honest, if I were such a spy, I would at least give the files a
Re: (Score:2)
Re: (Score:2)
That doesn't make sense... (Score:2)
Most likely they will try to punish the current owner.
What, they're going to sue him for buying what he was offered?
Re: (Score:2)
Re: (Score:2)
What, they're going to sue him for...
They can make up some stuff:
I'm not saying it's right just sayin'.
Re:And the previous owner was? (Score:5, Insightful)
I am just trying to work this out. How is a New Zealand citizen able to commit treason against the US?
treason: (noun) the crime of betraying one's country
Re:And the previous owner was? (Score:5, Funny)
Because you're either with us or you're with the terrorists. Didn't you get that memo?
Re:And the previous owner was? (Score:5, Funny)
>Because you're either with us or you're with the terrorists.
Not since last Tuesday.
Oh wow! (Score:2)
He modded you down in a thread he posted in? Gandalf is indeed a great and powerful wizard!
Re: (Score:2)
I believe the equivalent for foreigners is "an act of war".
Re: (Score:3, Interesting)
Re: (Score:2)
The poster said "Texas." And, as far as Texans are concerned, New Zealand is part of Texas.
Re: (Score:2)
I am just trying to work this out. How is a New Zealand citizen able to commit treason against the US?
treason: (noun) the crime of betraying one's country
Cause everyone knows that New Zealand, Australia, and Great Britain are all secret US states. ;)
If you want a more whimsical reason, it's because lots of US movies were made there so we've declared them a special kinda of state since all of our media gets made there now a days. ;)
Do you really want the third reason? You won't like it. There are 50 US state
Re: (Score:3, Informative)
Not just the military (Score:3, Informative)
Most of the US Gov is banning USB key drives, music players plugged into computers, and any other read/write media.
Re: (Score:2)
Re: (Score:2)
Most of the US Gov is banning USB key drives, music players plugged into computers, and any other read/write media.
When they should be banning operating systems that allow these devices a convenient attack vector. Seriously, why should a removable device has executable privileges and access to critical system files?
Re: (Score:2)
Re:Not just the military (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2, Informative)
They've already disabled USB storage devices on ALL DoD information systems. Not just ones with access to "sensitive" information.
Re: (Score:2)
Windows Autoplay was a major aggravating factor in that case.
Since you can't trust everything that's on a removable storage device, ESPECIALLY one that's rewritable, automatically executing it is just plain stupid.
You wouldn't execute a random binary you downloaded off the web, so why should your computer simply autoplay a random-ass flash drive?
Re: (Score:2)
Windows Autoplay was a major aggravating factor in that case.
Which is why I turn off auto-play on every one of my Windows computers, and advise everyone within earshot to do the same.
Tweak UI [microsoft.com] is a Microsoft "Power Toy" that allows you to turn off auto-play on all devices easily. There might be a way to do it without the power toy, but I don't know it off-hand.
Unfortunately, it's only available for Windows XP. I've read that someone has developed a similar utility with nearly equivalent functionality for Vista, but I don't use Vista.
Re: (Score:2)
Security Policy.
Local Security Policy (gpedit.msc) for, 2000 Professional, Windows XP Professional or Vista Business. Or the server versions thereof.
I Think tweakUI is the only way to do this with the "home" (aka toy) versions of Windows.
For the Domain, then you have Domain Policy. I disable autorun, on all drives, on my domains. I can't think of a single reason to ever enable it. I've never had a single helpdesk call about "how do I install 'x'". Users quite happily live witout it.
Trend Micro (et al) have
Re: (Score:2)
Re: (Score:2, Informative)
Punish them for what? Is it illegal to keep names and information of unclassified material on your personal computer /mp3 players? At worst, it's FOUO (for official use only) information. While it could reflect on your performance evaluation negatively, there is nothing illegal about the release of FOUO information.
If it contains the names & details of armed forces personnel it could very well be defined as a national security breach. The fact it contains a mission briefing & details of equipment would pretty much seal that one.
Re: (Score:2)
If it contains the names & details of armed forces personnel it could very well be defined as a national security breach. The fact it contains a mission briefing & details of equipment would pretty much seal that one.
All that is available on wikipedia anyway. What do you want to know about the M16 that isn't freely available?
Re: (Score:3, Funny)
The most sophisticated weapon the united states military ever fielded was an M-16. Clearly, this iPod contained detailed technical schematics of this unbelievably powerful rifle. Also, every battalion publishes their entire enlisted roster on wikipedia every third saturday, so the Privacy Act [wikipedia.org] doesn't matter either. Not to mention, mission details are routinely cribbed from bad Tom Clancy novels, so there couldn't be any important information there.
It's all about the M-16, baby. Those dirty communists are go
Re: (Score:2)
Re: (Score:2)
The act of using a personal device on the Army network was a violation of Army Regulation 25-2, a large document that DoD users agree to when they sign an Acceptable Use Policy prior to receiving a network account from their local DOIM (IT shop).
The act of connecting the personal device to a government workstation makes it Army property, and punishment is usually decided by the user's CO or Director, and can range from a warning to being fired.
Re: (Score:2)
The act of using a personal device on the Army network was a violation of Army Regulation 25-2
Hmmm, I keep seeing this assumption, but it's not stated in either article that the previous owner hooked up the mp3 player to a DoD computer. More likely, the guy did some work on his home computer, then uploaded it to his mp3 player. That's why I think this is a complete non-story.
Re: (Score:2)
CLASSIFIED data is not allowed on a personal computer (in case the data was CLASSIFIED).
I dont see anything about unclass material not being allowed, but think about it for a minute...
Back before the USB media ban, information could be moved about on USB media with no enforcable restrictions. If the user took a DoD USB or CD with files on it to their home, why did they need to put it on an mp3 player? perhaps it was on a CD and they didnt have a cd burner to burn the updated files for transport back to work
Re: (Score:2, Informative)
You don't think the army punishes people for violating secure data storage and usage? While slashdot is well-known for it's pessimistic view on life and thinks that every situation requires a tin foil hat you should a LITTLE more faith.
By bringing this to the attention of the DoD they can determine what needs to be done with the MP3 player (most likely buy it from the person). The army takes a very dim view on allowing the names of its personnel leaking to the world. They are very protective about their
Re: (Score:3, Interesting)
Was it a troop? (Score:2)
They Should purchase it back (Score:5, Interesting)
Re: (Score:3, Informative)
Re: (Score:2, Funny)
Re: (Score:2)
Unfortunately, it has information on service members too. Perhaps someone can place the service members as conducting the mission and then effected groups (the ones the missions went after) could use that information to retaliate on their families or them directly later down the road.
That's an extreme possibility when we are fighting with terrorists which I think still makes it dangerous even if the mission info is outdated.
Daily occurrence (Score:5, Insightful)
Hi,
i would expect this to happen on a daily basis. Usually the buyer will not be a journalist but some kid. The typical kid will say "boring stuff" and have those files deleted before finishing yawning. By doing so, they prevent more security leaks than most security officers.
Sincerly yours, Martin
Re: (Score:3, Insightful)
What would you do? (Score:5, Insightful)
Re:What would you do? (Score:5, Interesting)
"Ok Sir, i'm going to go out the front door and close it behind me. Before I knock on your door again, that picture will have been deleted from your computer and you'll have forgotten about it. IF you mention it, i'll have to arrest you for posession of an indecent image of a minor."
Even the cops think things like this are best swept under the carpet.
Disclaimer: UK Law, YMMV
Re: (Score:2)
We received some donated computers from the US Army Corps of Engineers and one of them hadn't even been wiped even though the tag on it said the drive was degaussed. I wiped the drive with DBAN and called them up to let them know. They thanked me and said it wasn't a big deal as none of the donated computers had access to classified info as they physically destroy those drives. Still kind of eerie as all the rest had been wiped. I have also found a few CDs in the drives including gov branded win XP disk
Re: (Score:2)
I actually take it a step further in that I dban _every_ used storage device I get without first looking to see what is on it, so I have no clue if I ever received something via a second-hand device that I should not have.
At least now you have a written declaration to show your torturer. Maybe he'll believe that.
Re: (Score:2)
That assumes you can dban it. If it was an MTP-only device you might have difficulty.
Re: (Score:2)
He obviously did the right thing, instead of trying to sell it to the Russians.
You bring up an interesting point! What he did was not the right thing, if you ask the Russians. You know, in Soviet Russia, what he did... ah... no.
What an idiot! (Score:2, Interesting)
Why did he come out and admit this? The US will either try to extradite him or ban him from entering the US again. And the poor soldier responsible will get shafted too. For what? Just wipe the drive and pretend it never happened moron.
Re: (Score:2)
And the poor soldier responsible will get shafted too. For what?
Err, he/she will get "shafted" for putting at risk a bunch of people's personal information, as well as information about equipment and a mission, maybe? Would you be thrilled if this genius had dumped your info onto an MP3 and sold it to some random stranger?
If somebody was stupid enough to load a bunch of other people's info onto some personal storage device, then apparently somebody *needs* to smack them upside the head and tell them not to do that any more.
Re: (Score:2)
Yeah, now that you mention it, that's probably more likely than the owner selling it. I imagine anybody with access to that sort of info knows how much hot water they'd be in if they didn't wipe something before they sold it.
Re: (Score:2)
While that sounds nice, it doesnt matter. Users on the DoD network sign AUPs that explicitly state personal devices cannot be used on DoD workstations. I also doubt that it was properly labeled UNCLASSIFIED or whatever the classification of the data really was (likely not higher than SENSITIVE, otherwise he must have put some effort into storing the data on his PED).
The guy violated a very reasonable request (no personal devices) in a contract he willfully signed (AUP). This is situation is one of the reaso
Re: (Score:2)
Comment removed (Score:5, Informative)
Re: (Score:2)
Few seemingly innocuous things can get you in greater trouble in any part of the federal government, especially the DoD than bringing a personal portable storage device into an area that is restricted. Copying sensitive information onto one is, itself, a very serious offense ...
That's why Sandy Berger became his own "personal portable storage device".
So what? (Score:3, Interesting)
Fill in the blanks (Score:5, Funny)
Oh, so it was a Zune?
Ding Chavez (Score:3, Funny)
Burn After Reading (Score:2)
It's not just the Army (Score:5, Funny)
I also recently purchased a used IPOD and found important naval information stored on it, most notably recruitment details describing how new recruits would be able to
When your team and others meet
amongst other available activities. In the interests of national security, I deleted the file in question immediately.
Mouse in my Beer (Score:2)
I heard that if you like find a mouse in your beer bottle and bring it to the beer store they like have to give you free beer or something.
Re: (Score:2, Funny)
Next guy who buys it does the right thing and returns it, but the Army/CIA spend countless resources running in circles looking for the "leak."
Re:what are the exit policies of the army? (Score:5, Informative)
i would think that in an organization as large and as stereotypically stringent as the us army that they'd have some sort of exit policy for equipment and personnel.
I would have thought so, too, until I spent a few years in the US military. You'd be amazed how much and what kind of stuff makes it past policies (exit or otherwise). When I lived in a military town, it seems like I'd see a story every year or so about about service members getting caught with garages full of new and/or used stuff.
Re: (Score:2, Funny)
That would make for one hell of a 'garage sale'! ;)
Re: (Score:2, Flamebait)
Re: (Score:2)
Re: (Score:2)
I would have thought so, too, until I spent a few years in the US military. You'd be amazed how much and what kind of stuff makes it past policies (exit or otherwise). When I lived in a military town, it seems like I'd see a story every year or so about about service members getting caught with garages full of new and/or used stuff.
Those are only the guys that they catch. Imagine being in that environment and knowing how to really cover your tracks or to surplus some stuff and have a local base garage sale
Re: (Score:2, Interesting)
Re:what are the exit policies of the army? (Score:5, Insightful)
The problem is, if you ban storage devices, you're gonna have to provide an equally convenient way to move data around. Otherwise everyone's going to find their own method, which may be as simple as emailing it around.
The issue is that rules are made, but the rulemakers don't realize the reason why people were doing what they were doing. Ban storage devices, and if someone still needs to get data from point A to point B, well, you've just got a bunch of people who are going to find a way to either circumvent the rule, or to find an alternative, which may not be as secure.
Banning the devices without an equally convenient alternative will just result in people finding workarounds. Just don't be surprised what those workarounds are. Interfere with people Getting Stuff Done(tm) without educating them on How to Get Stuff Done without X...
Re: (Score:3, Interesting)
Banning the devices without an equally convenient alternative will just result in people finding workarounds. Just don't be surprised what those workarounds are. Interfere with people Getting Stuff Done(tm) without educating them on How to Get Stuff Done without X...
This is the case with the current ban on thumb drives. For example, after years of being told we're moving electronic, the AF base I'm at switched to electronic crew pubs and forms, and other mission data from flights is built on board the aircraft, saved on a thumb drive, and downloaded to a system back home after the mission. There are work-arounds, but an entire system built on technology we can no longer use is an inconvenience that lends itself to unapproved / undocumented workarounds with even more se
Re: (Score:2)
Re: (Score:2)
Hi, you'll need 1$ to scrub the flash drive and 1 million bucks to find out which one.
No. You need someone with a brain to say, "no more flash drives of any kind, and no exceptions". There; it's been said, for free even.
There is no sensible reason for variance when one needs information moved from one 'secure' computer to another 'secure' computer with a highly suspect, easily compromised method in the middle. That's free info as well.
This is completely avoidable with 100% surety. My original point remains (and a big booyah fuckyou to the moderator of GPP for not understanding or modding con
But what can you really do? (Score:3, Funny)
Information wants to be free. And this is information with military training.
Re: (Score:2)
i dont think that was a troll...
anyway, the DoD has their own budget, and this falls under DoD. DHS doesnt mess with us.