Forgot your password?
typodupeerror
Security The Military

US Army Files Found On Second-Hand MP3 Player 184

Posted by CmdrTaco
from the great-seller-+++ dept.
MichaelSmith writes "A New Zealand man who bought a second hand MP3 player from a store in the US found it loaded with the names and personal details of American soldiers, as well as a mission briefing and information about equipment. Chris Ogle says he will return the unit to the US Defense Department if asked, and that it never worked as a music player anyway. A slightly different version of the story is available from TVNZ."
This discussion has been archived. No new comments can be posted.

US Army Files Found On Second-Hand MP3 Player

Comments Filter:
  • by Eddy Luten (1166889) on Monday January 26, 2009 @10:36AM (#26607043)

    Chris Ogle says he will return the unit to the US Defence Department if asked

    They will also be able to conveniently download the contents on Wikileaks.org in 4.. 3.. 2.. 1..

  • by El Torico (732160) on Monday January 26, 2009 @10:42AM (#26607079)

    The Army should ask for the return of the MP3 player (and pay for it), find out who put the files on it, and punish them. I don't expect that to happen.

    • by houghi (78078) on Monday January 26, 2009 @10:46AM (#26607105)

      Most likely they will try to punish the current owner.

      • Re: (Score:3, Interesting)

        by A. B3ttik (1344591)
        I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing.

        Although I guess I'm not sure that announcing this to the news was "the right thing."
        • by oldspewey (1303305) on Monday January 26, 2009 @11:01AM (#26607235)

          I'm not sure that announcing this to the news was "the right thing."

          I think it was. Divulging the specific contents of the device might be inappropriate, but letting the world know about a screwup like this is most certainly "the right thing."

        • by whisper_jeff (680366) on Monday January 26, 2009 @11:21AM (#26607465)
          "I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing."

          Unfortunately, "doing the right thing" does not protect one from bureaucrats. When someone in a suit wants someone punished, they will find a target, even if it happens to be the person who did "the right thing." My favourite example of this was a woman who worked for a mid-sized company as an accountant. She noticed something questionable on the books and reported it to her boss. Her boss told her to ignore it and proceed. She knew that her boss was dodging the IRS and, not wanting to be a party to tax evasion, she reported the company to the IRS and quit. The IRS began an investigation and found, sure enough, the company was illegally avoiding paying taxes. The company, of course, used every method to dodge the IRS. The IRS, having lost their obvious target, decided to use a different tactic and elected to go after the accountant who was working for the company at the time the questionable events took place.

          The woman who reported the situation to them.

          The IRS ceased her home and garnished her wages (from her new job) to pay off the outstanding taxes. Doing the right thing resulted in this woman being screwed, to say the least.

          Yes, this is an extreme example and it's also an example of the old IRS (they've apparently had their power to abuse people reduced since then - this story took place ten or 15 years ago, iirc). But, it is still an example of someone doing the right thing yet still being turned into a target so that someone in a suit can punish _someone_.
          • Re: (Score:3, Interesting)

            by Anonymous Coward
            Link or it didn't happen
            • Re: (Score:2, Interesting)

              by whisper_jeff (680366)
              Given that I saw it on 60 Minutes (or some such show) about ten years ago, I wouldn't hold my breath waiting for a link...
            • by wsanders (114993)

              It was a friend of a friend!

              It's like a crackhead calling 911 to report their stash got stolen. What do you expect will happen?

            • Re: (Score:3, Insightful)

              by GooberToo (74388)

              If it happened that long ago it may very well be true. Many people don't realize, not so many years ago, the IRS had more power than the CIA or FBI and that changed only after significant IRS reform. IIRC, that changed under the Clinton Administration.

              Literally, not many years ago, if the IRS randomly decided you owed money, they would come in, seize all your accounts and assets. You would literal come home from work to find your crying family on the curb and your house boarded up. On arrival, your car woul

            • by raddan (519638)
              seconded
          • Re: (Score:3, Funny)

            The IRS ceased her home and garnished her wages

            That usage sounds weird to this European - like I'd end up with a sprig of rosemary and a bit of orange peel in my pay packet, or something.

            • The only thing that sounds weird to me is "ceased" instead of "seized". Garnish has two definitions. In this case, it means "take a debtor's wages on legal orders, such as for child support".
          • That's a difficult situation to assess without seeing the actual books. What if she *was* the person who was making a mess of things: she, the accountant, was cooking the books, and claimed her boss was the one doing it when she called him in to the IRS? Consider the movie "The Shawshank Redemption".
            There are plenty of cases where the whistleblower is unjustly persecuted for pointing out problems, but there are also some where whistleblowing is a tactic to disguise malfeasance on the part of the whistlebl

        • Re: (Score:3, Informative)

          by Petrushka (815171)

          I really doubt that the US Army is going to try and punish an innocent New Zealander for trying to do the right thing.

          Not punish, as such, no. But he has had access to information that the US didn't want him to have. I would imagine red flags will be popping up next to his name for quite a long time: he should be very very circumspect if he ever has to go through US immigration, for the foreseeable future.

          Although I guess I'm not sure that announcing this to the news was "the right thing."

          He gave a copy of the files to the local news, according to the TVNZ article.

      • by jandrese (485) <kensama@vt.edu> on Monday January 26, 2009 @11:03AM (#26607257) Homepage Journal
        My guess is that like so much stuff found in second hand shops near bases, the MP3 player was stolen from the previous owner and sold for beer money. The files on it probably weren't classified or particularly sensitive and the previous owner was using it as a fancy thumb drive.
        • The files on it probably weren't classified or particularly sensitive

          I'd say names coupled with locations and mission briefings were pretty sensitive, wouldn't you? I don't expect there were any missile launch codes on the player, but still - these pieces of information could have been used for the wrong purpose and could potentially have done harm.

        • by Thelasko (1196535) on Monday January 26, 2009 @11:42AM (#26607705) Journal
          This would also make a good cover for spies.

          It works like this:
          1. Spy fills MP3 player with classified information.
          2. Spy drops off MP3 player at local second hand shop.
          3. Handler buys MP3 player.
          4. Profit!
          • by jandrese (485) <kensama@vt.edu> on Monday January 26, 2009 @12:07PM (#26607975) Homepage Journal
            Wouldn't it be easier to just hide it somewhere (out in the woods for instance) instead of involving a third person who could potentially id both of you if the army comes looking?
            • by sjames (1099)

              There are a few 'pawn shops' out there that specialize in having a bad memory. While the woods does avoid a certain third party, the 'pawn shop' has the advantage of covering a big crime up by making it look like a believable petty crime.

              Odds are it is a petty crime, but it's worth looking in to anyway.

            • by Thelasko (1196535)

              Wouldn't it be easier to just hide it somewhere (out in the woods for instance) instead of involving a third person who could potentially id both of you if the army comes looking?

              To be fair, a third person could stumble upon it no matter where it's hidden. If there is a stream of stuff at second hand stores near military bases, as the GGP posted, they might think it's more inconspicuous than taking trips to the woods, etc.

              To be honest, if I were such a spy, I would at least give the files a .mp3 extension. I don't know how spies work, but it's still plausible.

            • Mistakes happen.
          • by Unnngh! (731758)
            You missed a step: ???
      • Most likely they will try to punish the current owner.

        What, they're going to sue him for buying what he was offered?

        • No, it doesn't make sense. But that won't necessarily stop the Army from trying to punish him for being in possession of "government information."
        • What, they're going to sue him for...

          They can make up some stuff:

          • He is a foreign national who purchased top secret government information.
          • Possession of top secret government information.
          • Transportation of top secret government information out of the USA.
          • Viewing top secret government information

          I'm not saying it's right just sayin'.

    • by MikeRT (947531)

      The military has already begun a comprehensive policy of prohibiting these devices for this very reason after that worm went through a bunch of military systems because of infected key drives.

      • by wiredog (43288)

        Most of the US Gov is banning USB key drives, music players plugged into computers, and any other read/write media.

        • I used a firewire based iPod on a military system within a secure area (on unclassified computers only though) for about three years until the security dweebs figured out what an "iPod" was and what "firewire" meant.
        • Most of the US Gov is banning USB key drives, music players plugged into computers, and any other read/write media.

          When they should be banning operating systems that allow these devices a convenient attack vector. Seriously, why should a removable device has executable privileges and access to critical system files?

          • This article wasn't about infection or transfer of system files, it was about discovery of mission and personnel data being found on a second-hand USB device. A non-Windows OS wouldn't have necessarily helped, in this case.
      • by shentino (1139071)

        Windows Autoplay was a major aggravating factor in that case.

        Since you can't trust everything that's on a removable storage device, ESPECIALLY one that's rewritable, automatically executing it is just plain stupid.

        You wouldn't execute a random binary you downloaded off the web, so why should your computer simply autoplay a random-ass flash drive?

        • by ptbarnett (159784)

          Windows Autoplay was a major aggravating factor in that case.

          Which is why I turn off auto-play on every one of my Windows computers, and advise everyone within earshot to do the same.

          Tweak UI [microsoft.com] is a Microsoft "Power Toy" that allows you to turn off auto-play on all devices easily. There might be a way to do it without the power toy, but I don't know it off-hand.

          Unfortunately, it's only available for Windows XP. I've read that someone has developed a similar utility with nearly equivalent functionality for Vista, but I don't use Vista.

          • Security Policy.
            Local Security Policy (gpedit.msc) for, 2000 Professional, Windows XP Professional or Vista Business. Or the server versions thereof.

            I Think tweakUI is the only way to do this with the "home" (aka toy) versions of Windows.

            For the Domain, then you have Domain Policy. I disable autorun, on all drives, on my domains. I can't think of a single reason to ever enable it. I've never had a single helpdesk call about "how do I install 'x'". Users quite happily live witout it.

            Trend Micro (et al) have

    • Punish them for what? Is it illegal to keep names and information of unclassified material on your personal computer /mp3 players? At worst, it's FOUO (for official use only) information. While it could reflect on your performance evaluation negatively, there is nothing illegal about the release of FOUO information.
      • Re: (Score:2, Informative)

        Punish them for what? Is it illegal to keep names and information of unclassified material on your personal computer /mp3 players? At worst, it's FOUO (for official use only) information. While it could reflect on your performance evaluation negatively, there is nothing illegal about the release of FOUO information.

        If it contains the names & details of armed forces personnel it could very well be defined as a national security breach. The fact it contains a mission briefing & details of equipment would pretty much seal that one.

        • If it contains the names & details of armed forces personnel it could very well be defined as a national security breach. The fact it contains a mission briefing & details of equipment would pretty much seal that one.

          All that is available on wikipedia anyway. What do you want to know about the M16 that isn't freely available?

          • Re: (Score:3, Funny)

            by geekboy642 (799087)

            The most sophisticated weapon the united states military ever fielded was an M-16. Clearly, this iPod contained detailed technical schematics of this unbelievably powerful rifle. Also, every battalion publishes their entire enlisted roster on wikipedia every third saturday, so the Privacy Act [wikipedia.org] doesn't matter either. Not to mention, mission details are routinely cribbed from bad Tom Clancy novels, so there couldn't be any important information there.

            It's all about the M-16, baby. Those dirty communists are go

          • There are pieces of military equipment, the details of which should remain secret. The army is more than M16's and HMMWV's after all.
      • by Gogo0 (877020)

        The act of using a personal device on the Army network was a violation of Army Regulation 25-2, a large document that DoD users agree to when they sign an Acceptable Use Policy prior to receiving a network account from their local DOIM (IT shop).

        The act of connecting the personal device to a government workstation makes it Army property, and punishment is usually decided by the user's CO or Director, and can range from a warning to being fired.

        • The act of using a personal device on the Army network was a violation of Army Regulation 25-2

          Hmmm, I keep seeing this assumption, but it's not stated in either article that the previous owner hooked up the mp3 player to a DoD computer. More likely, the guy did some work on his home computer, then uploaded it to his mp3 player. That's why I think this is a complete non-story.

          • by Gogo0 (877020)

            CLASSIFIED data is not allowed on a personal computer (in case the data was CLASSIFIED).
            I dont see anything about unclass material not being allowed, but think about it for a minute...

            Back before the USB media ban, information could be moved about on USB media with no enforcable restrictions. If the user took a DoD USB or CD with files on it to their home, why did they need to put it on an mp3 player? perhaps it was on a CD and they didnt have a cd burner to burn the updated files for transport back to work

    • Re: (Score:2, Informative)

      by furby076 (1461805)

      You don't think the army punishes people for violating secure data storage and usage? While slashdot is well-known for it's pessimistic view on life and thinks that every situation requires a tin foil hat you should a LITTLE more faith.

      By bringing this to the attention of the DoD they can determine what needs to be done with the MP3 player (most likely buy it from the person). The army takes a very dim view on allowing the names of its personnel leaking to the world. They are very protective about their

      • Re: (Score:3, Interesting)

        by El Torico (732160)
        I've been in the US Army and I've worked with the US Army for a few years, and I've never seen anyone punished (Article 15 or court martial, or even a counseling statement) for an Information Security violation.
    • There has been many attempts to steal information from America. It is possible that this was stolen by a civilian that works on base and was looking to sell it.
  • by ITJC68 (1370229) on Monday January 26, 2009 @10:54AM (#26607171)
    If the military is not smart enough to purchase this item from the person and investigate how and who placed those files on this player then security is an afterthought and obviously flawed. This type of information couldn't have been obtained by a low level recruit either but someone higher in the chain of command. Either the FBI or the CIA should look into this without military oversight so there is no chance of influence. I doubt it will happen but I hope they do.
    • Re: (Score:3, Informative)

      by stewbacca (1033764)
      That is such an over-the-top reaction. First of all, this sort of thing happens to the magnitude of thousands of times a year. Check any E5 in the Army, and they've got a green "leaders" book with all kinds of personal information about their squad members. In the electronic age, all this stuff is also on their personal computers.
    • Re: (Score:2, Funny)

      by Dysproxia (584031)
      I also happen to have several low-cost memory devices that contain what might or might not be top secret US military data. I'll gladly offer them for purchase.
  • Daily occurrence (Score:5, Insightful)

    by mseeger (40923) on Monday January 26, 2009 @10:55AM (#26607185)

    Hi,
    i would expect this to happen on a daily basis. Usually the buyer will not be a journalist but some kid. The typical kid will say "boring stuff" and have those files deleted before finishing yawning. By doing so, they prevent more security leaks than most security officers.
    Sincerly yours, Martin

    • Re: (Score:3, Insightful)

      by Yvanhoe (564877)
      But this happened so many time that it became prevalent and finally, someone with more insight got his hands on one. The performance of a security officer is not measured by the number of leaks he prevented, but by the number of leaks he let go...
  • What would you do? (Score:5, Insightful)

    by mwilliamson (672411) on Monday January 26, 2009 @11:00AM (#26607227) Homepage Journal
    Seriously, I'd just overwrite the device with a utility such as dban [sourceforge.net] then keep my mouth shut, forever. This is the advice I'd offer anyone in this sort of situation. I actually take it a step further in that I dban _every_ used storage device I get without first looking to see what is on it, so I have no clue if I ever received something via a second-hand device that I should not have.
    • by L4t3r4lu5 (1216702) on Monday January 26, 2009 @11:51AM (#26607789)
      A guy in my local (sorry, no citations) was sent an indecant image of (obviously) a child, and called teh police. They duely arrived, took a look at it, and took the guy out of the room.

      "Ok Sir, i'm going to go out the front door and close it behind me. Before I knock on your door again, that picture will have been deleted from your computer and you'll have forgotten about it. IF you mention it, i'll have to arrest you for posession of an indecent image of a minor."

      Even the cops think things like this are best swept under the carpet.

      Disclaimer: UK Law, YMMV
    • by Petaris (771874)

      We received some donated computers from the US Army Corps of Engineers and one of them hadn't even been wiped even though the tag on it said the drive was degaussed. I wiped the drive with DBAN and called them up to let them know. They thanked me and said it wasn't a big deal as none of the donated computers had access to classified info as they physically destroy those drives. Still kind of eerie as all the rest had been wiped. I have also found a few CDs in the drives including gov branded win XP disk

    • by Thanshin (1188877)

      I actually take it a step further in that I dban _every_ used storage device I get without first looking to see what is on it, so I have no clue if I ever received something via a second-hand device that I should not have.

      At least now you have a written declaration to show your torturer. Maybe he'll believe that.

    • That assumes you can dban it. If it was an MTP-only device you might have difficulty.

  • What an idiot! (Score:2, Interesting)

    by tyroneking (258793)

    Why did he come out and admit this? The US will either try to extradite him or ban him from entering the US again. And the poor soldier responsible will get shafted too. For what? Just wipe the drive and pretend it never happened moron.

    • And the poor soldier responsible will get shafted too. For what?

      Err, he/she will get "shafted" for putting at risk a bunch of people's personal information, as well as information about equipment and a mission, maybe? Would you be thrilled if this genius had dumped your info onto an MP3 and sold it to some random stranger?

      If somebody was stupid enough to load a bunch of other people's info onto some personal storage device, then apparently somebody *needs* to smack them upside the head and tell them not to do that any more.

    • by socsoc (1116769)
      Because this is just the tip of the iceberg. I know IT folks in the armed forces that have been in Iraq and Afghanistan and it's just a mess. Hell, they still bring back physical artifacts, data is nowhere near as secure as it should be. You can't really disable everything because they are so far removed, but the front line takes advantage of that... it's a very fine line to try to walk.
  • by MikeRT (947531) on Monday January 26, 2009 @11:08AM (#26607333) Homepage

    Few seemingly innocuous things can get you in greater trouble in any part of the federal government, especially the DoD than bringing a personal portable storage device into an area that is restricted. Copying sensitive information onto one is, itself, a very serious offense that if a soldier gets caught doing will not only revoke any security clearance they had but quite possibly end their career in the federal government.

    • Few seemingly innocuous things can get you in greater trouble in any part of the federal government, especially the DoD than bringing a personal portable storage device into an area that is restricted. Copying sensitive information onto one is, itself, a very serious offense ...

      That's why Sandy Berger became his own "personal portable storage device".

  • So what? (Score:3, Interesting)

    by TooMad (967091) on Monday January 26, 2009 @11:20AM (#26607451)
    You can find secret information on wikipedia. After getting out of the service I decided to see if certain details were on certain pages and found the secret information. There is probably much more throughout the entire site that seems quite benign but it is still classified.
  • by Minwee (522556) <dcr@neverwhen.org> on Monday January 26, 2009 @12:09PM (#26607989) Homepage

    Chris Ogle says he will return the unit to the US Defense Department if asked, and that it never worked as a music player anyway.

    Oh, so it was a Zune?

  • Ding Chavez (Score:3, Funny)

    by cerelib (903469) on Monday January 26, 2009 @01:12PM (#26608993)
    I hope the files did not include the full dossier of Ding Chavez and his detailed plans for hostage rescues.
  • I watched Burn After Reading last night, so this article is kind of funny. Sounds like a bunch of interesting-looking but ultimately useless information. Just don't let George Clooney shoot you in the face as you hide in John Malkovitch's closet, okay?
  • by Richy_T (111409) on Monday January 26, 2009 @01:54PM (#26609639) Homepage

    I also recently purchased a used IPOD and found important naval information stored on it, most notably recruitment details describing how new recruits would be able to

    • Learn Science Technology
    • Learn to fly
    • Play in sports and skin dive
    • Study oceanography
    • Sign up for the big band
    • Or sit in the grandstand

      When your team and others meet

    • sail the seven seas
    • put your mind at ease
    • join your fellow man

    amongst other available activities. In the interests of national security, I deleted the file in question immediately.

MATH AND ALCOHOL DON'T MIX! Please, don't drink and derive. Mathematicians Against Drunk Deriving

Working...