Air Force Emails Sensitive Information to Tourism Site

Khuffie writes "The US Air Force has been sending sensitive information, including flight plans for Air Force One, to a website promoting the town of Mildenhall in Suffolk. When told of the error by the site's owner, the Air Force did not attempt to fix it at first. When reminded at a later time, instead of fixing the issue, they advised the owner to 'block unrecognizable addresses from his domain and have an auto-reply sent reminding people of the official Mildenhall domain and blocked his website from access on base.'"

The Airforce...

[megla]

...because it's always someone elses problem.

Re:

[Brian Gordon]

Oh please, "security breaches"? What enemy could possibly challenge the US air force?

Re:The Airforce...

[megla]

I'm guessing being emailed confidential deployment plans and the route for Airforce 1 would get them off to a good start!

Re:

[ozmanjusri]

the route for Airforce 1

Are you kidding?

An attacker who took that turkey down would get a pat on the back and free beers in every bar across the United States. Any sensible enemy of the US will make damn sure that's the last bird still in the air.

Re:

[Anonymous Coward]

That's not only ignorant, it is also blatantly incorrect. Regardless of the feelings for the man in the office, the office itself is symbolic of the United States. Just think of how long we've spent after the destruction of symbols of US capitalism, the World Trade Center Towers. Multiply that by 1000, and you'd have the reaction if someone were to take out the President of the United States.

Re:

[siliconspirits]

Like the reaction and 'intense' investigation that took place after JFK was assassinated?

No one even crashed a plane into a building with that, or shot down a plane...they just brought a rifle to a political event, aimed and fired. I think many Americans would be happy to watch him die, as a clear enough separation has been made between his personal incredible stupidity and the honor and distinction of the office itself during his terms in office.

I personally, think that no one should 'die' for their

Re:

[operagost]

I think it's sad that so many people are driven by hatred.

Re:The Airforce...

[innerweb]

.there is a level of accountability that should be enforced both during, and after your time in office

Yeah - nothing against you, but come on. Bill Clinton got caught with an extra-marital affair, and was put up for impeachment for lying under oath about it. The current president lied, manipulated people in positions of authority and created an environment where his business allies could earn billions off of the war and he is not even being investigated. *accountability* Give me a break. Pres Bush Jr is the one who finally showed me the futile light of our current governmental/business systems.

The current president has done more damage to our future than any other force, person or organization in the US's history. There really is a price to pay for the incredible amount of debt we have and the debacles in Iraq and Afghanistan. It creates instability in the regions, the world, the markets and it weakens our governments ability to deal with a real crisis when it occurs (and they do occur). Saddam was evil, but not a crisis and through GW's actions, we have given fundamentalism another strong foothold in the Middle East. We can not afford (financially) to stick around long enough in Iraq to fix the problems that are there now.

He has made thousands of people incredibly wealthy (not just wealthy) with his politics. If there has been a President in history who needs to be investigated for the well being of our national future, if not only for the strong potential for serious criminal conduct, it is President Bush Jr.

Accountability is only possible with transparency and memory. People have to be able to see and then want to remember what they have seen. As we have neither in sufficient quantity, we do not have accountability. I think Bush will walk away from this a wealthy man with no fear of being prosecuted for what he has done.

InnerWeb

Re:The Airforce... Whooa...

[davidsyes]

There *could* be a *WO*man in the office someday.

Personally, when I was in uniform and when I was taken in hand for criticizing a sitting president (84-88, and this happened around 86) I was told (or probably given an implied order) to RESPECT THE MAN IN OFFICE. To hell with that. If an idiot or dunce is in office, call a spade a spade. But, if fools someday (or in the past) take/took office, it would be tragic to not challenge that. I take GREAT offence at being told to unwaveringly GIVE my support for *th

Re:The Airforce...

[rkanodia]

Just think of how long we've spent after the destruction of symbols of US capitalism, the World Trade Center Towers. Multiply that by 1000, and you'd have

'Jesus, that's...'
'Yes. Nine hundred and eleven thousand.'

You're crazy

[jgoemat]

An attacker who took that turkey down would get a pat on the back and free beers in every bar across the United States.

Who among us would be happy to have Dick Cheney as president?

Re:

[Anonymous Coward]

I for one welcome our new judge-shooting president...

Re:You're crazy

[ahodgson]

He's been president for 7 years ...

Re:The Airforce...

[Red Flayer]

The budget.

Military spending is a huge contributor to the US's debt problems, and anything that reduces the efficiency of the military contributes to the problem. Consider how expensive the air force is to maintain -- when it comes time to curtail the military budget, the air force has a lot of low-hanging fruit.

Security breaches and awareness of systemic ineptitude will just increase the likelihood that the air force will be targeted with more cuts.

Never mind the fact the a security breach, if taken advantage of by the wrong people, could be *very* expensive.

Re:The Airforce...

[172pilot]

How I wish that were true, but you miss a fundamental difference between private industry and the government... When a private company has such efficiency problems, it goes out of business, but when a government agency has trouble, the trouble is presented as "evidence" that "the problem is bigger than we thought" and that more money needs to be allocated to correct the problem. Of course, the fundamental problem which is ignored is the leadership of the organization wasting the money, so the problem never gets fixed, but budgets get bigger and bigger.. At least in the Military's case, their function is one which can be justified by the Constitution - Most of the other government waste is in programs that the government has no right to be spending a dime on in the first place...

Re:

[Red Flayer]

Very good point.

I'm just wondering how much of it applies during times of budget contraction, as opposed to the status quo of annual expansion... because we're going to need to shrink the military budget in the next few years... whether it's done via inflation or visible cuts, I'm not sure.

Did you expect the Air Force to be 100% efficient?

[howardd21]

I was in the US Air Force for 12 years, and and have now been in private industry for about the same, and I can tell you the USAF is reflective of all organizations. It makes mistakes like all others, exceeds standards in a lot, and at the end of the day gets the job done using the resources allotted to it. If there is low hanging fruit there, it is generally no more or less than anywhere else.

Re:

[Red Flayer]

You understand what a low-hanging fruit is, right?

It's no reflection on the quality or caliber of people and projects in the AF.

When your goal is to pick fruit from a tree, the low-hanging ones are the easiest to reach and thus the first to get picked.

When your goal is to cut costs, the low-hanging fruit are the ones that are easy to cut because they are 1) big-ticket items where a small reduction in qty yields a large cost-savings and 2) there is little direct elimination of jobs.

Naval yards, for examp

Re:

[Mushdot]

If you read the article you would know that sensitive information, including flight plans for the president and military tactics were received. So with that information it may not be such a challenge.

Re:The Airforce...

[Serious Callers Only]

The real question is what is sensitive information like that doing being sent over email without encryption. If they're sending things like flight plans and military tactics via plain email, it should be considered a security breach no matter who the recipient is. Anyone could easily read it on the way between the two servers, it might get forwarded to someone who shouldn't see it, it can be changed by servers en-route or bogus data inserted etc etc. I imagine most security services would find it easy to infiltrate an ISP here and there and watch traffic as it goes through, and no one would be any the wiser.

Re:

[Midnight Thunder]

The real question is what is sensitive information like that doing being sent over email without encryption.

You only need to send stuff encrypted if you have something to hide ... oh, wait, heck, idiots.

Re:The Airforce...

[richlv]

he should simply autoforward those mails to wikileaks

Re:

[somersault]

I'm hoping that was sarcasm? The fact that it's so ludicrous hints at it, but I'm worried you were serious..

Re:

[ta bu shi da yu]

The aliens in Independence Day did. Threatened them, but didn't defeat them. But how do you know that they haven't disguised themselves as tourist operators in Suffolk? This could be chance they need to retake the earth.

And I don't know about you, but I don't think I could stand a sequel to ID4.

Re:The Airforce and no IS Security

[callistra.moonshadow]

I think that this may have to do with bravado, but more likely it has to do with plain old ignorance. I seriously doubt the Airforce has good IT personnel. Maybe I'm being an IT snob, but from what I've heard from family members that work in government and other civil service (one is pretty highly ranked) is that (as we all know) woefully behind the times. I suspect that an email about data being sent to a public URL may have been seen as cryptic to whatever administrator ended up with the information. On a different thread I was talking about identify theft and how the government is one of the largest areas where proprietary data is stolen from. I think that it's just another symptom of a much more systemic problem within government agencies in the US.

--cally

Re:The Airforce and no IS Security

[yuna49]

I was bothered by the Air Force's casual response to this problem as well. Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain. Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? The fact that the USAF shrugged off this rather simple problem onto the domain owner tends to confirm your suspicions about the quality of their IT services.

Re:

[deniable]

It could be funny if you don't select for the sending domain. This is roughly the error message I'd use:

That address doesn't exist here, please check it and send it again.

If you are with the United States Air Force please use other-domain.uk instead of ourdomain.uk.

Thank you, have a nice day.

Not likely to do anything, but I'd wonder if I got that message.

Re:

[whoever57]

Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain.

If you RTFA, you will see that it was RAF Mildenhall who gave this advice. As the intended recipients, not the senders, this was probably a good thing to do. One can only hope that they also notified the USAF of the problem.

Re:

[corbettw]

Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems?

Why didn't someone just update the distribution list in Exchange? How freakin' hard is that?

Besides, these emails should have been going over SIPR (secret military VPN), not NIPR (public Internet). The SIPR machines can't route email to NIPR networks, so the problem never would've happened in the first place if proper OPSEC had been followed. Someone needs an Article 15 for this.

(I'm a former IT1 in the Navy, and worked with Air Force guys in Operation Northern Watch, and I can state that all of the Air Fo

Re:

[JasterBobaMereel]

That's an easy one : China

How good are the Air force at hitting Suicide bombers, without killing civilians?

How good are they against submarines

How good are they against ICBMs

Go and put the Jingoism away and realise and airforce cannot win any war on their own, and do not even have a role in many battles?

Re:

[peragrin]

Vietnam and North Korea had weapons support from china. iran and North Korea wouldn't last three months on their own. Palenstine can't keep isreal out, let alone anyone else. I think you mean Pakistan. Pakistan would fight bravely and even win a few battles but would be overcome.

China,India, and Russia though would. Any fight with either is just stupid. We walked over Iraq, and afganistan because they didn't have weapon support from russia or China.

Iran may or may not have nukes. but it's airforce is

Re:

[Lars T.]

Vietnam and North Korea had weapons support from china. iran and North Korea wouldn't last three months on their own. Palenstine can't keep isreal out, let alone anyone else. I think you mean Pakistan. Pakistan would fight bravely and even win a few battles but would be overcome.

China,India, and Russia though would. Any fight with either is just stupid. We walked over Iraq, and afganistan because they didn't have weapon support from russia or China.

Actualyy, I think you couldn't even attack Iran right now, because you wasted all the high-tech weapons in Afghanistan and Iraq. How many Tomahawks does the US have left?

Re:The Airforce...

[morgan_greywolf]

You seriously think that we "walked over Iraq"? Perhaps it escaped your attention but we are still fighting there, and we have not won yet. I suggest you read more newspapers.

While I agree with your sentiment, I feel I have to point that we did "win" in Iraq. The regime in Iraq changed. We defeated the Iraqi military. What we're still fighting over there, though, isn't so much as the "enemy" as it is just basically mass chaos, which either U.S. military intelligence either knew or should have known would happen in a country splintered and segregated along ethnic, religious and cultural divisions. After all, isn't that why there's never been any significant time of peace in the nation of Israel since its founding in the first half of the last century? (Not to mention that other people from outside of Iraq are capitalizing on this chaos and taking pot shots at the U.S. military whenever possible.)

Y'all have to look past the rhetoric coming from both sides of the political aisle and see the situation for what it is: fubar'd.

Re:

[i_ate_god]

UK: "Hi arabs, we need your help!"
Arabs: "Hmm? What for?"
UK: "Well, you don't like those greedy turks running your land do you..."
Arabs: "Hmm.... no. No, no we don't."
UK: "Ok, listen up. We can help each other. You help us overthrow this empire, and you can have your land back, since all we care about are the germans really!!"
Arabs: "Wow, really?"
UK: "PROMISE!"
Arabs: "OK!"

-- Ottoman falls, Britain takes what it wants in the middle east, negotiates with France for the rest --

UK: "SURPRISE! ISRAEL!"
Jews: "pwn

Re:

[Scrameustache]

it is just basically mass chaos, which either U.S. military intelligence either knew or should have known would happen in a country splintered and segregated along ethnic, religious and cultural divisions.

Now now, NO ONE could have known it would turn into a quagmire [youtube.com].

Re:The Airforce...

[aug24]

In other news, the Air Force has requested that prostitutes, drug dealers and off-licences refuse money from US Airmen, and tell them to spend it on something moral and all-American instead.

Military intelligence, it would seem..

[the_rajah]

is still an oxymoron.

Re:

[Eil]

One thing you have to understand about the military is that for every uniformed soldier, airman, sailor, or what-have-you, there are 3 more civilian government employees doing the routine stuff like keeping the base facilities repaired, managing the supply system, or (unfortunately) maintaining the base's entire I.T. infrastructure.

At every single Air Force base I was stationed, the network staff was entirely comprised of should-be retirees who had been working for the federal government since the stone age

more sites

[Goffee71]

quickly signs up for:

colonelblimp@area51.com
thechief@whitehouse.gov
maninred_onthegate@certaindeath.com
admin@guam.com
fatgord@no10.co.uk
binladen@caves_r_us.pak
just to see what comes my way

Wait a minute.

[Jikrschbaum]

Isn't the Airforce the branch that has been tasked with Cyberspace security? Some kind of Cyber Command? Military Intelligence at its highest magnitude.

Re:

[Kiuas]

Military Intelligence at its highest magnitude.

"The military intelligence
Two words combined that can't make sense" -Megadeth, Hangar 18

Re:

[Svartalf]

They would like to have that role. But if this is how they handle security...heh...

Re:

[dcollins]

Have you seen the new recruiting ads on TV that are precisely that, some guy at a screen in a bunker protecting the Pentagon from "3 million intrusion attempts a day?"

Tag line is now "Air - Space - Cyberspace".

NY TImes

[jefu]

There was also a full page ad in yesterdays (dead tree) New York Times saying the same kind of thing. Too bad we can't arrange for the Times to do a story on this and arrange it to be on the facing page from the USAF's next ad.

Send in the B2's

[DeeVeeAnt]

It's the only way to neutralise the tourist threat!

Re:

[ta bu shi da yu]

Hilarious!

Conspiracy!

[neokushan]

It's almost as if they WANT someone to kill the president....

Re:

[oliverthered]

who doesn't

Re:

[frodo from middle ea]

I don't. Killing people turns them in to martyrs.

Re:

[peragrin]

That's right Cheney and bush should go out Duck hunting together some time.

We get rid of them both.

Re:

[schon]

I most certainly don't. Unless they can take out Cheney at the same time.

You know why the democrats haven't had Bush impeached? Because they'd rather have him than President Evil.

USAF 1, british civilians 0

[Chief Camel Breeder]

I see from TFA that the owner finally took his site off-line because of the problem. So the USAF probably considers the problem solved. Another triumph for American diplomacy.

Re:

[Brian Gordon]

US Air Force. Don't be fooled by the bbc domain :)

Re:

[xrayspx]

And the website and air base are in Suffolk in the UK, don't be fooled by the .com TLD :-)

Re:

[networkBoy]

Doesn't matter. GP point remains. There is no way a USAF base would/should have a non .mil or .gov address.
-nB

Stable doors

[Silver Sloth]

It was only after sensitive information had leaked that anything was done about it.

Re:

[WK2]

To be fair, according to the summary the Air Force never closed the stable doors. Perhaps they were thinking, "Oh well. What's done is done." The thing is, they really should stop sending sensitive information via email in order to lessen future threats.

On the other hand, this will make it easier to kill the president.

The Cheney Effect

[TheSixth1]

The Vice president accidentally shoots a man in the face, and it's the mans fault for getting in the way of the buckshot. The Air Force emails sensitive information to a website owner, and it's the site owner's fault for receiving it.

The Cheney Effect is spreading!

Re:

[mgblst]

Just as it was the fault of that lighthouse getting in the way of that battleship.

Re:

[hansamurai]

There was that one time I was the cameraman shooting a "video" and I got "shot at". Certainly didn't call that the Cheney effect then.

Re:

[ptbarnett]

I suspect it was birdshot rather than buckshot.

It was. Probably #8. They were quail hunting in South Texas.

Everyone likes to make jokes about this unfortunate situation. But, unless you've been quail hunting and know what every person has to do to hunt safely, it's just a joke that depends on the listener being just as ignorant.

OPSEC and COMSEC

[Ethanol-fueled]

This from the mighty mighty Air Force which banned blogs, which accidentally flew nukes cross-country, which wants to start a "Cyber-Command." Not trying to flame, but why do they insult their own intelligence by banning the viewing of blogs [wired.com] while allowing this sort of crap to happen?

Re:

[qoncept]

They blocked access from military computers. You can read what the slut next door is doing from home, but at work you're supposed to work. If they blocked something useful, you say "hey, I need to read this web page" and they unblock that one. Smart Filter can be funny though. They blocked wikipedia. Category? "Education/Reference"

Join the Air Force!

[elrous0]

We fuck up more before 8 a.m than most people fuck up all day.

E-mail is a postcard

[mdmkolbe]

If the Air Force is sending that info over unencrypted e-mail, they have bigger problems than just the e-mail going to the wrong domain.

This kind of makes me suspicious that he article might just be hyperbole.

Re:

[Svartalf]

One has to wonder about that...

However, having said this, it's not the first time someone screwed up bigtime on a DoD system.

We've had other sloppiness come to light from some of the Titan Rain hack announcements-
basically, we've had a bit of low-grade (thankfully) leakage of things that are not classified
but not for general public consumption, stuff classified Confidential and Secret out of
boxes that should NEVER have had the information on them in the first place as they weren't
trusted systems.

As it stand

Re:

[Twisted Willie]

Mod parent up.

If flight plans of Air Force One are being sent over a public network in plaintext, it doesn't matter in whose mailbox they end up really.

Re:

[ironwill96]

I also was thinking about that too! If they are so dumb as to think sending an e-mail out constitutes private communication as it passes across who knows how many servers that can all make copies of it on the way there, we're screwed. I would think things like Air Force One flight plans and confidential information should be sent through encrypted satellite connections run by the government or for really sensitive items carried in person via diplomatic couriers.

Hmm

[rolfc]

I wonder if taking down the website will stop the emails from coming?

Nope, I dont think so.

Re:Hmm

[gsslay]

It'll remove that cunning "click here to submit US Airforce secrets [mailto]" link from his homepage.

Re:

[jrumney]

In related news, the domain of mildenhall.com will now be available for purchase again. Bidding starts of $5 million...

Sold to a Mr O. Bin Laden, address unknown.

preemptive move

[Atreide]

'block unrecognizable addresses from his domain'

isn't it more effective if air force domain names are removed from world wide dns ?

Re:

[will_die]

It wasn't the domain name it was the 'To' email address. The owner of mildenhall.com had it setup so all email address went to a single, or a couple, email boxes so send email to Iknowthisisanonusedemailaddress@mildenhall.com would be received by the owner.
The air force solution was to block all but the email addresses the owner of the site knew were valid and being using on the site.

"Advised"?

[gmuslera]

How you tell them also matters... what if the messages were more or less like:

Tourism site: All your air bases are belong to us
USAF: Measure 1
Tourism site: All your air bases are still belong to us
USAF: Measure 2

Is so outrageos this way.

Shut down his domain!

[Arancaytar]

It's the only way to be sure [wikileaks.org]!

(Wait, technically, that *would* be effective in this case. Reprehensible, but effective.)

BBC...

[mathimus1863]

I love how I have to read other country's news reports to find out what's going on in my own country...

Re:

[soliptic]

I love how I have to read other country's news reports to find out what's going on in my own country...

This was going on in the same country as the news agency. This isn't the BBC reporting on events in America, it's the BBC reporting on events in Suffolk [google.com].

Re:

[soliptic]

Sorry to reply to myself, I got distracted by actual real work (good grief!) and submitted by mistake without saying the actual point.

That is, although Mildenhall is in the UK, I think strictly speaking you may still be correct, as USAF Mildenhall may be technically considered US soil. I don't remember the details of international agreements on this (I'm sure Wikipedia will give you a start, if you really care), but I know my band were hired to play a gig there about 10 years back, and entering the base

New way to leak classified "news"

[failedlogic]

Dear Media Agency,

It has come to the attention of the Air Force that it is likely your e-mail servers may have inadvertently received confidential Air Force e-mails. These e-mails were sent in error. We beg and plead with you to not consider this a "leak" to your organization. These "leaks" will arrive to you though regular channels. As you may have received several thousand e-mails we ask that you forget everything that you read and delete everything. If you print a story about this and decide to publish some example e-mails, please contact us as we will help you find some really juicy e-mails. Again, we did not do this on purpose.

Since our e-mail servers are already having some serious problems, if you are not the intended recipient, please discard this e-mail immediately. We do not have any serious problems with our e-mail servers. If this is the tourism site again, please redirect these e-mails to major news organizations - and then delete.

Thank you,
US Air Force

FWIW...

[rickb928]

Mildenhall is the site of an RAF base, actually now a USAF base. Not totally random sending it to this recipient, where I could see them somehow mistaking one Mildenhall for another. But still dumb as a blade of grass.

Maybe they need a new mail server? FC7 should do, or something from IBM, all wrapped up in a pretty $MM mainframe?

sheesh...

Mildenhall Village

[Inda]

I laugh because this concerns little emails.

When I lived in the small Wiltshire village of Mildenhall, we often had convoys of military vehicles being misdelivered.

"Where's the air base?" the lead driver would ask.

"150 miles North East of here!" we'd all reply.

US Air Force is Not the First

[shking]

From 2001 to 2005, CIBC, a large Canadian bank [theglobeandmail.com] sent faxes containing customers' fund transfer requests to a West Virginia scrapyard. The faxes didn't stop until the bank was publicly embarrased in the national media.

Re:

[numbski]

Stargate geek.

.
.

.
.
.
.
.
.
.
.
.
.
crap.

I have call this one BS

[Perl-Pusher]

I spent 20 years in the Air Force. All DOD domains end in .mil not .com. We only have this persons word, didn't see one example. Flight plans via email. Crap! the DOD uses a device called KG-58 its an encryption device. The key is sent via courier every month. That is the only approved way to send any sensitive information.

"It had the notice 'Destroy by any means to prevent capture'," Right, that's absolute crap. One that is not the correct wording. Two its an electronic message, its on your hard drive. Did his computer explode after reading it? I'm sure there are idiots who sent things to his domain. But these just could not be official communications. There are way too many safeguards in place.

People from government ministry of finance offices in African Nations are always send me stuff too.

Lets see some real proof!

Re:

[DragonFodder]

I agree completely with you, wish I had mod points to give you.

and unless things have changed drastically in the years since I left the Air Force, all secure communications go across a dedicated network, in most cases that being a dedicate point to point comm line. Nothing of any official sensitive nature would go out on the civilian internet.

If this proves true, on the data, then there is someone looking for a courts martial offense in mis handling secret and above information.

Re:

[EdIII]

I was thinking it was BS. I have read an awful lot about the systems that the government is purported to be using.

It is so improbable that the information was even on systems that are connected to the public internet. Last time I checked, there was something called the IntelLink networks.

I know that there are a lot of security breaches, and I am not saying it does not happen, but there are secure networks in place for this type of communication to go across. The Air Force and other agencies have some pre

Re:

[BradleyUffner]

It is so improbable that the information was even on systems that are connected to the public internet. Last time I checked, there was something called the IntelLink networks

The secure network is known as the SIPRNET [wikipedia.org]

Re:I have call this one BS

[Asklepius M.D.]

First - the KY-58 (the KGs are a different series such as the 84, 94, and 194) is designed to encrypt radio traffic, not network data. Second, security standards HAVE changed drastically. The AF combined small computer networking (2E2) with crypto maintenance (2E3) some time ago with only limited retraining in infosec. Email is used and abused to a huge extent in the military while good crypto is too often seen as an annoyance - even for critical systems. Many of the old safeguards are gone as part of efforts to cut costs and manpower. Most of the REALLY important stuff is still adequately protected, but coming from an AF IT background, I would argue that this story is more than plausible. No matter how much we want them to be otherwise, the AF really is just another large bureaucracy with a small percentage of highly competent people who somehow make things function in a crisis despite the efforts of the majority.

Re:

[guisar]

So www.airforce.com is not a DoD site? (I was in the Air Force for 23 years) No kidding the USAF domain is .af.mil so what- it's the Air Force that addressed the email not mildenhall.com domain owner. There's lots of good IT support in the USAF and some dopes- like everywhere. I really doubt these emails were sent by IT personnel- more likely ops and public affairs neither of which are known for their inquisitive nature, careful planning or follow-up- not to mention tech savvy. Mistakes are made sure but no

Re:I have call this one BS

[stonewolf]

I own pendleton.com so any one who want to know who "stonewolf" is can now look me up :-) Pendleton.com is just to much like Pendleton.usmc.mil the domain for Camp Pendleton, the marine corp base.

When I fist got the domain I had all email to invalid addresses forwarded to my mail box. I quickly found that I was getting the orders of the day for Pendleton Marine Corp base. I replied to the email and was immediately removed from the list. Over the years I got all sorts of official and private email sent to and from the base. But, as far as I can tell *none of it was classified*. Any time I replied and pointed out the problem I got a swift apology and never got an email from that source again. The most fun I had with it was when I accidentally got on a mailing list for retired SIGINT officers. Talk about a great group of highly intelligent and creative people! I am so glad they are our side.

I figured out the the rewriting rules used by a lot of email systems would generate pendleton.com from many misspellings of pendleton.usmc.mil and there was nothing I could do about the problem. So, at first I lived with it.

I finally set up my mail to bounce invalid addresses. I did it because email was becoming more popular I started getting a lot of very private communications meant for Marines and I didn't feel right about invading peoples privacy that way. I have always had a deep respect for the US military and the Marine in particular.

I have to say that the US military can misaddress email as easily as anyone else. So, I believe that part of the story. But, I never saw anything that was even vaguely sensitive (even the SIGINT guys didn't talk about anything sensitive) in the several years I was getting email from the base. I do not believe that part of the story. The Marines were always courteous and on the ball. The kind of people where you can believe that if you looked on heavens scenes, you would find the streets are guarded by United States Marines.

Stonewolf

Re:

[ptbarnett]

I had the same problem when I used a catch-all address for my domain. However, what I usually received were email intended for mydomain.org.fr or mydomain.org.br. Since I don't speak Portuguese or French, I was never able to convince the senders of the error (it just continued).

I finally got rid of the catchall address after being blasted with "your message was rejected because we think it's spam". Some asshat spammer sent out a bunch of messages that were addressed From: random addresses in my domain.

The good old days of catchall addresses

[Animats]

Ah, the good old days of catchall addresses.

I own a .com domain which is the same as the ".co.uk" domain of a religious school in England. The kids mostly just mis-subscribed to mailing lists; I was getting multiple copies of promotional junk from bands. The e-mails between the staff were interesting, though.

I had to turn off the catchall addresses about five years ago. Dictionary attacks were overloading the spam filters.

Re:

[Aqualung812]

I agree that real, complete documents like what you are describing are not likely to be in those emails.

However, things like an email from a spouse that put .com instead of .mil on the following I CAN SEE:

To:spouse@airfarce.com

Honey, I know that you said Airforce One will be there all afternoon, but do you think I can still meet you for lunch?

Re:

[Rudolf]

All DOD domains end in .mil not .com.

What's this then?
http://www.airforce.com/ [airforce.com]

Looks real to me - is it fake?

Re:

[mojoNYC]

You may well be right, however, your certainty may be misplaced--after all, there are many safeguards in place to prevent 'losing' nukes, yet that's exactly what happened last summer at Minot AF base...

Re:

[theheadlessrabbit]

Now taking bets on which intelligence agency or terrorist organization will be the first to snap up the domain once it becomes available.

How can you tell the difference between the two?

Re:

[IBBoard]

One has intelligence, the other just collects it from other people ;)

Re:Quick fix

[WK2]

Yes. Or, they could not send sensitive information via email.

A Serious Answer

[argent]

Certainly nobody should send sensitive information unencrypted over non-secure channels, but it sounds like the biggest problem here was the volume of the traffic.

Didn't the DoD come up with the solution to this in the '80s? Remember the Orange Book?

That's the solution: you need mandatory access control when you're dealing with classified material. If you're sending material from a classified computer, or moving it from a classified zone on a compartmentalized computer system, then it should be encrypted au

Re:

[deniable]

You give them two email systems. One is internal ONLY and never routes to the outside world. The other (available only to those who really need it) is able to send stuff to the outside world.

IIRC, this is how the Australian Tax Office was doing things a decade ago. They're not the sharpest tools in the shed so you'd think the USAF could figure it out.