NORAD
There's a norad.com registered to some Florida web hosting service. I wonder whether they get any interesting mail?
Oh, look, www.centcom.com is also registered, to some non-military folks. This game could be fun!
A website promoting the town of Mildenhall has been shut down after it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush. Over more than a decade, www.mildenhall.com received emails detailing all kinds of secret military information …
For sale: Secrets, dirt cheap!
This would have simply been a bit of a nuisance if the military personel would use encryption on their emails. Thus, no secrets would be divulged. So why aren't any military personel getting their hands slapped? Why aren't the military's admins getting off their worthless duffs and doing their jobs about keeping things secure?
A cousin of mine was in the military, and in his unit there was a "red" network and a "green" network. These were physically divided, with the "red" network being only accessible in one room in the building. Sensitive information was kept on the "green" network, and was not placed on the "red" network's machines. Good security has to be enforced, and that includes serious consequences.
Sensitive information being sent in plain text over public networks ?
"So remember when you're feeling very small and insecure
How amazingly unlikely is your birth
And pray that there's intelligent life somewhere out in space,
Because there's bugger all down here on Earth"
Thank you mister Idle.
When you address something to "mildenhall", the mailer just adds the ".com" by default. The lazy id10ts in the US Air Force just thought that they should send to "mildenhall" and did so. Oh, we need to add something like ".af.mil" on the end has no meaning to them.
So much for passing the "internet" test. Maybe the military should get browsers/mailers that DON'T put in defaults (or at least have an option to do so). Add criticism of your mailer of choice here.
I've always known (since before birth, in fact) that the U.S. government was a bunch of incompetent, inept fools. But the DoD created ARPAnet which, in time, became the internet we now know and love/hate. So it seems somewhat ironic that the military can't even figure out the difference between .com and .mil, or figure out that sending classified information in unencrypted email isn't a good idea. Everyone found doing so should be severely sanctioned.
I was under the impression that DARPANet was still active in some form. If not, surely my tax money has been partially spent on an "Undernet" that the military sends sensitive and classified info on.
Apparently not. KP duty for all involved.
Jolly Roger because the lack of understanding of domain names has me feeling scurvy.
I can't help noticing that the Yanks' problem stems from the fact that back in the mists of time someone thought it would be a good idea to have a-national TLDs. The rest of the world seems to get by with, for instance, .co.uk but almost no one in America seems to be aware that national TLDs exist.
Now if they'd be really smart, back when they invented DARPANet they'd have ensured that all mis-directed emails were sent direct to .nsa.us for 'help' in 'forwarding' them to their 'correct' recipients.
God knows what the militaries of *other* nations are sending around out there... Of course, in the case of my original home country it's probably something about migrating polar bears and cases of beer.
jon
This is really scary:
1. Sensitive and secret information sent to a member of the public.
2. Sensitive and secret information sent to same member of public after being informed that said information was going outside the military.
3. Sensitive and secret information being sent by email in the first place.
I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms? Have they heard of Network Security?
As with all secure systems, they are only as secure as the weakest link, which is usually some new and underpaid slack-jawed yokel who has no training and/or don't give a damn. Only in this case, said yokel is wearing a uniform, and probably has easy access to weapons and ammunition.
Paris? Well, I'll leave it to you to work out.
AC at 2008 22:18 GMT: "Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."
There's one in every thread, right?
Maybe he couldn't be bothered to work on behalf of dimwits.
I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either.
Pirate icon because the old idea of luring passing ships into the stones is alive and well.
And these are the same wankers hired to protect us from the illusion of a terrorist hiding behind every tree , bush , power pole rock or garden fence in the land waiting for the signal to frag us at the earliest opportunity !
Say , where can I find the yellow brick road to run away from these wankers all , as I do not feel safe all of a sudden as they might get the itch to play "Thermo Nuclear War Games" for real !
Actaully, that would be Military Intelligence at work. Military Genius (and for that matter, Tactical planning) was when someone shot an F117 down with an unguided missile because said F117 took the same flight path after every singly bombing run.
That's Military genius on both sides, btw. The US side for not figuring out that that's a pretty bad idea (tm) even with a stealth jet. The opfor guys (can't remember who it was atm) for figuring out that even if you can't see it on radar and needn't bother firing IR seekers at it, you can still take it down with an unguided missile if you aim properly. The readers get to guess on which side the oxymoron is.
I get all sorts of stuff, mostly boring drivel like photos of people's babies, and last week someone called Jan signed me up at Hillary Clinton's website... wonderful! Some mildly interesting stuff like "Thankyou for your order of xxxx from zzzzzz" and yes, occasionally quite sensitive stuff too, An unencrypted, unpassworded Excel docs about some policy holders of an American health insurance company was probably the highlight :) At least the sender had the decency to apologise when I pointed out her snafu... Shame, I've never had anything marked Eyes Only, that would surely be a fun read...
Paris icon because even she can type an email address right (maybe).
whats the point of all this encryption when dullards are just sending it out to anyone that looks vaguely right.
And does Patriot Act stop this? Of course not and to think this is found by accident not some high level secret investigation. They are sending it out to anyone who looks familiar in adressing terms.
The weak point in any security is the user.
Flame? We're all going to hell in a handcart thats why!
OK, so US military personnel are responsible for this poor guy having to shut down his website as they put him on a spam list. I'd encourage him to seek legal advice as there is a direct cause and affect relationship between these dickless yanks behavio(u)r and the loss of a HUGELY profitable website plus a huge amount of time spent trying to bounce the dumbasses mail and deal with the not quite so dumbass spammers (at least they make money from it:-).
Coud be fun and several opportunities would present themselves:-
-Court discovery, publishing all the e-mails with great potential for love affair junk. Hey it's the land of Bill and Miss Screwinsky and NASA diapers (nappies).
-Bribery possibilities in relation to above.
-Crazy justifications, that launching spam at the UK aids in the U.S.'s war against terror as Osama can't resist joining in.
Anyhoo AC doesn't mean Anonymous Coward anymore we need some opportunistic lawyers round here.
-Which leads on to :-
@AC's comment-'Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used?'
I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get.
In closing the Go just to negate the AC's Stop and Doofus, doofus, doofus, sorry they were tearing at my fingers:-)
and hey I'm Stu so kiss my rounded posterior...come on, pucker up a bit :-P
"I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get."
I hope you're not a mailserver admin, because you obviously don't know the difference between From: and To:
If it was me after all that, I would have bodged a perl script to send all emails coming from the IP ranges in military emails (with very wide subnet to make sure and some other sanity rules) to a conspiracy black helicopter usenet group and forward the replies from people reading that group back to the senders. Eventually creating a conspiracy military loop where everything is true.
Some spam would come through but by that point it would be thought of as a stenography test to work out why a cat falling off a shelf is being posted after AirForce One flight paths.
"...to videos up to 15mb in size..." That shews the sophistication of the USA security forces: when you can compress an entire video into 15 millibits (say 1/67th of a bit) then you can claim to have done something really useful. This is presumably a new sort of video encoding that hasn't been made public yet---still a military secret. It'll make my video iPod look enormous when it is finally released.
"Surely he should have alerted MI5/6 instead?" .... By Anonymous Coward Posted Monday 3rd March 2008 23:23 GMT
One assumes that they were mentoring the situation, AC. If not, then they would be practically useless and unworthy of the Intelligence moniker...... which is always a possibility, no matter how unpalatable that may be, for there are precious few signs [some would say, no signs] that British Intelligence is Leading anything.
And although that could be desirable, because there is no Progress through Intelligence on the Ground, it is not present ...... just in case so smart ass says that they are Working and Leading ...but it is SuperStealthy and therefore unlikely to be widely known.
I have yet to figure out who the emails from the NHS hitting one of my domains are actually directed to
i considered selling the information they have sent, but i figure the NHS would just undercut me by losing a CD of data for a lower price
i wish i was kidding, but one of my unused domains from a failed project does get the occasional email from NHS senders, presumably to a company they work with by the corporate sounding domain but i can't find anything even similar that it could be destined to... just waiting until they send me some highly confidential medical records or something to forward to el reg...
makes you think just how widespread incompetence is, multiply how often it happens, with the number of different government departments sending confidential information, then figure out if you want to hand over your details to an ID card project run by these people - who i presume will be using the same top of the range security practices they currently use, emailing your details to "somewhere that might be the central server"
with Freedom Fighter George Tree or Scrub, some name like that.
Maybe he was sending the messages , and they hadn't explained about how that internet thing worked.
As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President.
Paris because she would get on well with him
Peace and Joy
Just want to say I am surprised.
Why haven't they sued him for Cyber squatting yet??
Seriously, If this happened to me, and I had told them what was happening and they did not sort it out; I'd start selling the less critical but still interesting stuff to the rags; err newspapers. Never can have enough money, just ask Bill.
One last thought, anyone visited Whitehouse.org I wonder what THEY find in their "In Box" ??
Owner is a friend of a friend, was amazed at the sort of information the yanks will share with everyone and not check that it going to the right place
Seems the guy wanted genuine mail address to him and some friends @sitename but did not want the whole us base to use his website, especially when they would never receive it :)
http://web.archive.org/web/20070328175245/http://www.mildenhall.com/
To read the whole site would have taken a good hour, but the site only partly archived it
> I, for one, suck in any e-mail addressed to nonexistent addresses on my domain,
> no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true.
> You wouldn't believe the number of imaginary addresses spammers try, either.
Only problem that way is that as far as spammers are concerned the email was delivered correctly and possibly read ... as a result its a "good" email address for them to retry/sell etc which will do nothing to reduce the spam you have to process.
I have mine to send a standard "non-existant address" bounce to any email to my domain to a non-recognized username.
I had a Business grade ADSL line from BT provided by a company I worked for and along with it came a BT email address. Having more than enough accounts already I simply set and autoforward to my Yahoo junk account in case anything of interest came through.
A certain Airline (in the Americas) seem to use BT email addresses for all their business and someone in their PR has the same name as me and I got some wonderful emails through about new route planning and promos for journalists but unfortunately even though I patiently sent each one back to sender and on to the airline main address, I never got compensated. Would it have hurt them so much to reward me with a freebie flight?