Forgot your password?
typodupeerror
United States Security The Internet

US Military Leaks its Secrets Online 198

Posted by samzenpus
from the check-out-the-cia-myspace-page dept.
athloi writes "Detailed schematics of a military detainee holding facility in southern Iraq, geographical surveys and aerial photographs of two military airfields outside Baghdad and plans for a new fuel farm at Bagram Air Base in Afghanistan are among the items accidentally left online by government agencies and contractors."
This discussion has been archived. No new comments can be posted.

US Military Leaks its Secrets Online

Comments Filter:
  • by devilradish (637660) on Wednesday July 11, 2007 @08:41PM (#19832935)
    see this is what I like, I'm fine with the government invading privacy just as long as they don't get to have any either.
    • Re:How egalitarian (Score:5, Interesting)

      by Elemenope (905108) on Wednesday July 11, 2007 @08:59PM (#19833069)

      I'm fine with the government invading privacy just as long as they don't get to have any either.

      I'm not, but it is still vaguely funny. Funny in the sense that the military is even more obsessed than the famously obsessed Federal Government (of which it is a prominent member) is with controlling information could make a mistake this stupid. Not funny in the sense that often (though not always), military secrets are secrets for good strategic or tactical reasons, and our military is at least nominally on our side. (It's like rooting for the home team. ;) )

      Privacy isn't supposed to be a two-way street between a citizen and their government; symmetry of relation is inappropriate. Governments by definition are in service to the public, and act on behalf of that public; thus, there are precious few acceptable reasons why any corporeal manifestation of that government can assert a reason to keep its actions from those whom it serves, whereas a private citizen is private until and unless it gives ample reason for a public agency to believe they are doing something illegally naughty. The names almost give it away. Public Government. Private Citizen.

      As a citizen, I don't want my government thinking it is in some egalitarian relationship with me and my fellow citizens. The government ought to consider itself subordinate to its citizens.

      And I know this is taking your joke and dragging it unkindly into unfunny territory, but the 'you show me yours, I'll show you mine' meme is, I think, destructive to any defensible notion of privacy.

      • Re: (Score:3, Insightful)

        I'll root for the home team the day they get a competent coach who knows something about basic tactics and the proper use of overwhelming force, as well as how to budget properly.
        • Re: (Score:3, Insightful)

          by Elemenope (905108)

          Well, the other reason I root for the home team is I am acquainted a few of the players, and sometimes when they lose, they die. I don't want them to die, hence, I want them to win, or at least to stop playing and go home.

          • Interesting position. I am also acquainted with some of the home team's players, but don't root for them. They've got better equipment and a much bigger team than the other side, and the other team's nonparticipating fans have been dying much faster than the home team's players. Though I'm not personally acquainted with any of said fans, I can't support killing them.
            • Re: (Score:3, Interesting)

              by Elemenope (905108)

              Point. That's why the option I *personally* favor is 'stop playing and go home'. Means both teams get to go home to play another day. But so long as they are playing...

              What was that sound? That sound was the spirit of a sports metaphor dying in agony. ;)

          • With this coach, the second is the better option; but like most bad coaches he doesn't know when to forfiet.
          • by lawpoop (604919)
            I'm confused. Isn't the US the 'visiting' team in this metaphor?
            • by Elemenope (905108)

              LOL! Yes, from the point of view of an uninterested observer, the US is the 'visiting' team in the 'game'. I meant 'home team' in the sense of 'team I am identified with', being as I am an American citizen.

      • by dbIII (701233)
        The other option is that there are not enough staff to keep private contractors in line.
        • by AoT (107216)
          Are all of you so naive as to think this wasn't intentional? Or are you just playing along?

          Really, feeding the enemy wrong information as the oldest trick in the book, I'd guess this and the "accidental" release of the specs for the embassy are the work of the same counter insurgency program. Ha ha, look at the stupid Americans.
          • by dbIII (701233)

            Are all of you so naive as to think this wasn't intentional?

            Time to be patronising here since I am being called naive. I suspect when the above poster is old enough to join the workforce they will become aware that governments are not omnipotent and life is not a Tom Clancy novel. There's plenty of incidents in the press of ridiculous incompetance, bullying and petty infighting in agencies people hold in Godlike awe such as the FBI, let alone amateurs called in as contractors to help out when the militar

            • by Joebert (946227)
              Besides, we quit doing that years ago because some idiot always yells it out & destroys the effectiveness of it.
            • by AoT (107216)

              when the above poster is old enough to join the workforce
              Oh my. Did you even look at my UID? Even if I got it when I was 12 I'd still be "old enough to join the workforce." and I have joined for a while. Don't you doubt it.

              I've been studying government since you started learning code. Shit, since *I* started learning code.

              P.S. Clancy is a fucking tool. And if you think all of these recent "accidental" reveals lately are real, so are you.
              • by dbIII (701233)

                I've been studying government since you started learning code

                You don't know me either and if you did you may possibly call me old and out of touch instead so I can't win this silly game - I only had your writing style and rapid jumps to odd conclusions to make me jump to the conclusion that I was talking to someone with little clue - and I generously put it down to a young age and little experience. If you are old enough to join the workforce I suggest you start paying attention instead of entertaining c

                • by Ash Vince (602485)

                  You don't know me either and if you did you may possibly call me old and out of touch instead so I can't win this silly game - I only had your writing style and rapid jumps to odd conclusions to make me jump to the conclusion that I was talking to someone with little clue - and I generously put it down to a young age and little experience.

                  I recommend that before suggesting people on slashdot are young you look at their UID or even better would be their journal / homepage. It only takes a few moments to try and research what you post. Not doing so and getting caught out as obviously as you did (it tells you his uid in his post) just makes you look a bit foolish.

                  You cannot tell that someone with a high uid is young. However to have a uid that low means he has been a member for alot longer than me or you since they are handed out incrementally

                  • by HiThere (15173)

                    I did not think that the conclusion he came to was that odd actually. I personally would rather think that governments do some things deliberately rather than think they are incompetent.


                    Try it both ways. I'm sure that's the correct answer, the problem is trying to deduce the proportions.
                    • by Torvaun (1040898)
                      Hmm. We know that the British did that 'Man who never was' thing in WWII, and they also prevented an attack with the threat of setting the English canal on fire. Those are the big reasons that any information that is leaked is considered suspect. I wouldn't be at all surprised if most of the leaks are real, but not used precisely because false leaks can be so destructive to people who rely on them.
      • Re:How egalitarian (Score:5, Insightful)

        by Anonymous Coward on Wednesday July 11, 2007 @10:45PM (#19833899)
        This is a pretty misleading headline. U.S. Military? These are government contractors, civilians that do not have a clue about IT security and have not even considered what their actions can result in! This really bothers me because for the most part, your military is a cross section of society, coming from all different parts of our culture. When these stupid civilians put lives at risk, possibly mine, I would like to put them on the gate of any compromised base. I bet they would take security much more to heart. Their actions all boil down to a company that wants to make a buck by showing what a great fing job they are doing to fight the war.

        As an active duty Marine, I completely agree with your statements on privacy, I appreciate what little privacy I enjoy and your right to privacy is one of the reasons I have served for 20+ years. I do however take issue with your comparing this instance with our current administration and congress and the military. Politicians are the government that you refer to, not those of us on the ground that are carrying out the fight. Most of us hate the politicians worse than any normal citizen, we fight, bleed etc, they get elected or re-elected based on the B.S. they can sell to the American public. There is not one single politician that has any integrity that I know of.

        Heck, this administration forced me to not be a republican anymore and I will never be a democrat. They all are liars.
        • by Thing 1 (178996)

          I do however take issue with your comparing this instance with our current administration and congress and the military. Politicians are the government that you refer to, not those of us on the ground that are carrying out the fight.

          I'm reminded of the quote, "A job not worth doing is not worth doing well".

          In other words, it really doesn't matter what a great job you and yours are doing. I would rather you weren't there in the first place. That is no reflection on your skills. But you have to admit

          • by sumdumass (711423)
            I don't think that could be more illogical and separated from the point. the people doing the job are doing great jobs at it. The top of the command might be whacked out but they are doing what they consider their best too.

            Here is the problem, In the battlefield right now, Men and women are dieing because people like you say pull the troops out and leave our allies hanging. Now, this might not be exactly as your saying it but it is what is being heard in the places like Iraq where people who support our tro
            • by evought (709897)

              I don't think that could be more illogical and separated from the point. the people doing the job are doing great jobs at it. The top of the command might be whacked out but they are doing what they consider their best too.

              I think the previous poster's point was that if the leadership has gotten you into a bad situation, with impossible or actually detrimental goals, through no fault of your own, doing your job, good or bad, is making things worse in the long run, which is a good reason to dramatically change those goals. When I was in the Pentagon, the general consensus was that the military was there to clean up the mess when the diplomats screwed up. Being able to clean up the mess assumes that at some point the diplomats

        • Dude, go read up and listen to any interview with Ron Paul.

          He at least believes in the truth and god traditional honesty.

          Hes a fully qualified doctor too, i think he delivered 3000 babies plus so hes not a person that takes
          life with a grain of salt like 5 time death defiying lord Chaney.
        • by vtcodger (957785)
          ***This is a pretty misleading headline. U.S. Military? These are government contractors, civilians that do not have a clue about IT security and have not even considered what their actions can result in!***

          Excuse me. Between 1961 and 1990, I worked on a lot of military and government contracts as a contractor. We worked under rigorous security rules defined by the contracting agency -- the government and in most cases the military. The rules weren't always the same as those applying to military person

        • by jafac (1449)
          Speaking for the hapless contractors here;
          A lot of us want to do the right thing, and some of us are even smart enough to do it. Even fewer still, are given the budget and schedule by our superiors to actually accomplish that. And that's IF and ONLY IF, the *customer* can communicate a set of concise, static requirements (and then, actually commit to funding them through the lifetime of the program). Which as we know, in the whole field of IT, let alone Defense Contracting, happens all the time, right?

          In
      • by sumdumass (711423)
        What if, for some reason, they think these plans are already available to some terrorist or not a serious threat and they placed them there in order to get IP address information from computers connecting and viewing the files.

        Work with me a minute on this. If a suspected terrorist goes to a government website, they don't have any clue who is who when checking the server logs. But, if they goto certain portions, they can narrow the field down a bit. Now, instead of searching the logs for who went where and
        • What if, for some reason, they think these plans are already available to some terrorist or not a serious threat and they placed them there in order to get IP address information from computers connecting and viewing the files.

          tor [eff.org]

          Work with me a minute on this.

          Ok...

          If a suspected terrorist goes to a government website, they don't have any clue who is who when checking the server logs. But, if they goto certain portions, they can narrow the field down a bit. Now, instead of searching the logs for who went where and then trying to associate the IP address with a customer from some ISP and then coordinate that with their Internet monitoring logs that they (no longer)need have to have a warrant to watch, they are using this stuff like this to narrow the search down a bit and look for codes as to when the next attack and may be or locations of where terrorist might be.

          Interesting idea. But what about all the scavenge-hunters who will also download the plans, just because they can?

          Something like this airbase, might be low on the security priority scale. They might even be old pictures and diagrams or improperly labeled in order to mislead anyone actually acting on the information. But, with the IP address of the people searching for those files combined with the Internet monitoring programs, it might make a few analyst's jobs easier to detect threats and such. Even if they are using a botnet or compromised computers, they would likely use the same bots to hide their identity when looking for orders or communications and such.

          Well, if the botnet is large enough, such information might be next to useless. And then they'd have to still separate the terrorists from all the other users of the botnet.

          • by sumdumass (711423)
            Tor might not be what you think it is. But I'm not going to argue or question that. I'm just saying that there might be ways to either detect who is who with TOR or maybe it is part of a larger more elaborate scheme. After all, If NASA needed a 19 million dollar toilet, there has to be other projects that some of the price tag would be siphoned from to make a black ops thing work. But TOR could backfire the issues.

            Interesting idea. But what about all the scavenge-hunters who will also download the plans, j

      • by mpe (36238)
        As a citizen, I don't want my government thinking it is in some egalitarian relationship with me and my fellow citizens. The government ought to consider itself subordinate to its citizens.

        All too often you find government thinking that it's privacy rights are more important than those of the public. e.g. consider the recent cases of police officers objecting to members of the public filiming them...
  • by SoapBox17 (1020345) on Wednesday July 11, 2007 @08:53PM (#19833023) Homepage
    Before anyone cries foul...

    From TFA:

    "None of the drawings are classified and we believe they were all handled appropriately per the government's direction," said CH2M Hill spokesman John Corsi. But the company added a password protection to its FTP site after the AP's inquiry and referred the direct request for the documents to the government.
    The DOD has a special category of Unclassified documents called "For Official Use Only" (FOUO) which prevents the information from being released to the public under the FOIA. This information was not classified, but was not supposed to be released.
    • Freeman, who showed the AP the documents from Sandia and the Space and Naval Warfare Systems Command, said he made a conscious effort to avoid information labeled classified but still managed to accidentally download files from Sandia with "top secret" classifications, forcing him to wipe his computer hard drive clean and notify authorities.

      Now, top secret is not suppose to be anywhere near the internet, so it could be disinformation, but I kind of think that this was a real error in handling classified material because it happens. People put things on laptops that shouldn't be there for example. So, what the AP found was unclassified, but that does not mean that classified material has not been treated this way, and the article does point this out.
      --
      Solar power in the wild: http://mdsolar.blogspot.com/2007/01/slashdot-users -selling-solar. [blogspot.com]

    • Re: (Score:3, Interesting)

      by digitalchinky (650880)
      What's interesting is that after spending a good 10 or 15 years with a TS security clearance, I can do the odd 'search' and find an astonishing amount of information put on line by both the military and contractors, the kind of information that would generally land a person in the trade in some rather deep hot water. (or jail) 3 letter agencies don't really have an employment stream for people to sit on google all day looking for in house classified documents. It usually takes a bit of digging by a reporter
    • by Plutonite (999141)

      This information was not classified, but was not supposed to be released.
      Is that like being ugly but having a beautiful soul?
    • Re: (Score:3, Informative)

      by CodeBuster (516420)
      But the company added a password protection to its FTP site after the AP's inquiry

      I hope they realize that FTP does not encrypt the transport, and thus the password, and that this is only marginally better than no password at all until they bother with encrypting the underlying connection (port forwarding 21 or whatever port they are using through an SSH tunnel for example).
      • by digitig (1056110)

        this is only marginally better than no password at all
        Arguably it's worse, because of the false sense of security.
  • yeah (Score:2, Funny)

    by User 956 (568564)
    This is just another example of how Michael Bay's Transformers movie is completely ridiculous. Megatron wouldn't have had to send his Decepticons to break into the government's computers to steal the location of the all-spark.

    As we can see, the DOD would likely just left that information open, available over the web.
    • They put the information in a movie so that we wouldn't believe it was true! Just like the Matrix...
    • I guess they should have used a search engine and looked on Ebay....
    • Re: (Score:3, Funny)

      This is just another example of how Michael Bay's Transformers movie is completely ridiculous. Megatron wouldn't have had to send his Decepticons to break into the government's computers to steal the location of the all-spark. As we can see, the DOD would likely just left that information open, available over the web.


      Funny thing is that Optimus Prime claimed to have learned how to speak our languages on "the World Wide Web", but he didn't once use any l337 speak.
  • "Accidently"?? (Score:5, Interesting)

    by iminplaya (723125) <iminplaya.gmail@com> on Wednesday July 11, 2007 @08:59PM (#19833059) Journal
    Please! So those were the "real" plans, huh? Nod Nod Wink Wink..
    • You never can tell where the lie ends and the truth starts.

    • Cut corners (Score:2, Troll)

      by flyingfsck (986395)
      The actual buildings won't look anything like the plans, due to 'cutting of corners' that is endemic in Middle Eastern construction. So instead of a rectangular jail with 1000 rectangular cells, there will be a roughly circular construction, much smaller than planned, with a few large and somewhat rounded out rooms. This is why mosques always have rounded domes. That is the ultimate example of corner cutting...
  • Keeping secrets (Score:4, Insightful)

    by Aminion (896851) on Wednesday July 11, 2007 @08:59PM (#19833067)
    And somehow, these people manage to keep secrets about aliens, JFK, weapon programs, etc.? ;)
    • Re: (Score:3, Insightful)

      by kd5ujz (640580)
      They still have some people believing Saddam had WMDs, so I do not see a JFK/Alien/Roswell/Moonwalk cover up out of their reach. :P
      • Even worse than the people thinking Saddam still had WMDs were the people who thought he was part of 9/11.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      See, it's all about the master conspiracy. By leaking unimportant information that only some measly civilians and combatants need to be safe, they distract us from the important matters, like alien JFKs programmed to be weapons.
  • by RAMMS+EIN (578166)
    US Military Leaks its Secrets Online

    In other news, water is wet!
  • by detain (687995)
    I have no problem believing that there are countless incompetent people within both our government and military, but they are both run in maners that should prevent mistakes like this from happening. Its my guess that these documents were intended to be 'leaked' and that its no real threat to us to have anyone aware of them. I dont see something like this being an accident at all. Its probably more a strategic move than a mistake.
    • by Danga (307709)
      I kind of thought it seemed like a good way to accidently leak bogus information to confuse the "other side" too. I mean how stupid can you be to put sensitive information out on an anonymous ftp server? I definitely would never even think of putting anything like that on an ftp unless the ftp at least required a password (and even then I would think about who all already has or can get access to that ftp). It seems like security 101 to me. Who cares if the ftp is not indexed? That is like saying it is
    • by dbIII (701233)

      Its my guess that these documents were intended to be 'leaked'

      Your conspiracy theory requires a greater degree of competance than is currently being displayed. Be careful with your credulity. At the far end of this scale there are those that think some elite mob of US spooks engineered 9/11 because only an omnipotent government can defeat itself.

      With corruption, nepotism and political appointees you will not always get people competant enough to do the job. It's not just the head of FEMA there are small

    • Re: (Score:3, Interesting)

      Here's an exercise for you:

      1. Drive around Arlington, VA (where the Pentagon is) and observe all the buildings with the names of defense contractors on them.

      2. Say to yourself, "Everyone in all of these buildings understands that when they upload a file to the company server, it is available to anyone around the world."

      3. Reflect.
  • I find it a bit sad that such things keep on happening all the time (not only to the DOD).

    I do realize that, while everyone agrees that "security" is a good thing, it often gets treated lazily for the sake of usability. Even though I think that giving "normal" (i.e. non-system administrator) users the right to just "put things on the server" (likely via FTP or Windows Shares) is just utterly stupid in any context where some sort of security is required. Things will go wrong because people just don't realize
    • Re: (Score:3, Insightful)

      by qzulla (600807)
      Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'? Or attaching this kind of security information to files or other objects? I know that this is a major topic of research in computer science, but have never seen it in real use.

      I work in a class environment. I'll try to answer this.

      Why should the OS care? Who is going to build

    • by vtcodger (957785)
      ***Is there any (operating) system out there with some sensible, security-aware data flow tracking? Such as 'when you copy something from a classified document into a non-classified document the non-classified one becomes classified'?***

      I doubt such an OS exists in any usable form. The problem is that not all the information in a document that is classified SECRET is in fact secret. Some is probably CONFIDENTIAL (A much lower level that does not require a full background check for access). Some is uncl

    • I worked at a company where we had Lotus Notes internally. Additionally to the other fabulous features (such as speed, stability and an intuitive interface) of that wonderful software it supported sending 'confidential' and 'highly confidential' mail.

      Notes? Lotus Notes? The same system that will consume any and all throughput availalbe to it? The same system whose search feature (pre-release 6) would commonly identify the wrong words as successful search results?

      Perhaps it's only my employer's deployment

  • by digitalderbs (718388) on Wednesday July 11, 2007 @09:15PM (#19833209)
    "The posting of private material on publicly available FTP servers"

    $ ftp ftp.usmilitary.com
    220 FTP server (SunOS 4.1) ready.
    Name (ftp.usmilitary.com): guest
    331 Guest login ok, send ident as password.
    Password: guest@guest.com
    ftp>


    Thankfully, they caught on and learned their lesson : "the SRA anonymous ftp server has been shutdown indefinitely. In the coming months, a new secure ftp site will be introduced that will replace the functionality of this site."

    $sftp guest@sftp.usmilitary.com
    Connecting to sftp.usmilitary.com...
    Password: guest@guest.com
    sftp>
    • by Rearden82 (923468) on Wednesday July 11, 2007 @10:18PM (#19833683)
      That's much more "Insightful" than "Funny".

      I had the unfortunate experience of dealing with a government agency whose website was hacked. After a month-long "security audit", their in-house security experts devised a comprehensive plan to lock down their server and prevent it from ever being compromised again.

      The solution, in its entirety, was to turn http://www.dumbass.agency.gov into the new, "secure" https://www.dumbass.agency.gov.

      I wish I was kidding.
    • by smchris (464899)
      Yeah, geez. Damn contractors. Just a _little_ reading convinced me to use ssh/scp on my home DSL LAN. Guess I'm qualified to be a $100,000+ contract troubleshooter to go in and fix this U.S. military intelligence problem. heh, heh.

      Seriously, like they sent some 25-year-old well-placed Republican KID who didn't know crap over to Iraq to set up their stock market, you have to wonder whether this was set up by some retarded bayou kin to somebody in "the party" who could get him the job.

  • by statemachine (840641) on Wednesday July 11, 2007 @09:24PM (#19833273)

    A spokeswoman for contractor SRA International Inc., where the AP found a document the Defense Department said could let hackers access military computer networks, said the company wasn't concerned because the unclassified file was on an FTP site that's not indexed by Internet search engines. "The only way you could find it is by an awful lot of investigation," said SRA spokeswoman Laura Luke.

    Gopher... No one looks there!
    • Gopher... No one looks there!

      ...just like most people would think of comics [or cartoon porn, sadly] if you mention Veronica [wikipedia.org] and Archie [wikipedia.org]...
  • such stuff dont get just "forgotten" - military is not a place that permits human errors to happen frequently like the stuff was coming up about the prison tortures and so on, and a year or so later more, and now this.

    i bet the army left them to leak in order to put more pressure on bush adm, with whom they are constantly in bickering and dislike.
  • by bl8n8r (649187) on Wednesday July 11, 2007 @09:34PM (#19833335)
    > the SRA anonymous ftp server has been shutdown indefinitely

    Anonymous?... FTP? They may have as well put them on bitorrent and named them britneys_boobies.zip
  • So much for our plans of getting our troops out any time soon. Unless this 'leak' was intended to foil such attempts of creating a new base, and actually result in getting our troops home quicker.
  • by RexRhino (769423) on Wednesday July 11, 2007 @11:19PM (#19834095)
    The military accidentally leaks valuable information, and the military intentionally "leaks" disinformation. It is not an either/or thing.

    "Leaking" disinformation would be useless if the military didn't actually leak real information. And if you do accidentally leak real information, it only makes sense to also release disinformation to create uncertainty.

    But there is probably no way that layman like most of us here can determine if this is fake or real simply from the information in the article.
  • Our software company management decided to become very rigorous about software security standards, and so are many of our customers which are Fortune 100 companies. It feels like you are in communist country where nearly anything can be a "state secret". Our software has lots of dependencies on third party libraries, open source, and GPLs which is a landmine here. For example theres a fear terrorists might steal the encryption code in the license manager to send unbreakable messages, etc. Or that competi
  • Ted Striker: My orders came through. My squadron ships out tomorrow. We're bombing the storage depots at Daiquiri at 1800 hours. We're coming in from the north, below their radar.

    Elaine Dickinson: When will you be back?

    Ted Striker: I can't tell you that. It's classified.

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis

Working...