In association with heise online

13 July 2007, 12:13

Top secret US military files available online


Numerous US military documents, some of which have critical strategic importance, have been found on publicly accessible FTP servers. Researchers at Associated Press (AP) have announced that over a period of several weeks they were able to download files relating to Iraq, including plans for the new US Embassy in Baghdad, aerial surveys of military airfields and detailed plans of a detainee facility. Some of the most sensitive information found by AP included details of security vulnerabilities at a contingency operating base, security features at Tallil Air Base and plans of a military fuelling facility. Some files were apparently password protected, but in one case the password was given in another document on the same server.

This is apparently a widespread problem. AP named more than half a dozen government departments and contractors from whom they had obtained publicly accessible classified material in this way, including the National Geospatial-Intelligence Agency (NGA), Los Alamos National Laboratory and Benham Companies LLC, a major military and infrastructure contractor. It is not new either. Danny Allen, director of security research at web security company Watchfire, told AP that he has been observing this kind of leak for more than a decade.

When asked for his views, Bruce Schneier called the leaks "a sloppy user mistake" - an understatement of monumental proportions. But the inference that the implementation of security for such critical material should be left to "users" seems a fundamental error. There is no lack of established technologies that could have prevented these leaks, from file encryption to strong authentication and VPN access. All the sites discovered by AP were taken down or "password protected" soon after. Some agencies have apparently pledged to implement other unspecified security measures as well, but it remains questionable whether the public internet is the optimum medium for sharing such sensitive information unless protected by exceptionally strong technical measures at several levels.

(mba)

Permalink: http://h-online.com/-733238