back to article US government forces military secrets on Brit webmaster

A website promoting the town of Mildenhall has been shut down after it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush. Over more than a decade, www.mildenhall.com received emails detailing all kinds of secret military information …

COMMENTS

This topic is closed for new posts.

Page:

  1. Carlo Graziani

    NORAD

    There's a norad.com registered to some Florida web hosting service. I wonder whether they get any interesting mail?

    Oh, look, www.centcom.com is also registered, to some non-military folks. This game could be fun!

  2. Carlo Graziani

    But Wait, There's More...

    ...and cia.com, and nsa.com, and if you Brits are feeling left out, some guy in Korea has registered gchq.com...

  3. Brian Miller

    Hint for military personel: use encryption!

    For sale: Secrets, dirt cheap!

    This would have simply been a bit of a nuisance if the military personel would use encryption on their emails. Thus, no secrets would be divulged. So why aren't any military personel getting their hands slapped? Why aren't the military's admins getting off their worthless duffs and doing their jobs about keeping things secure?

    A cousin of mine was in the military, and in his unit there was a "red" network and a "green" network. These were physically divided, with the "red" network being only accessible in one room in the building. Sensitive information was kept on the "green" network, and was not placed on the "red" network's machines. Good security has to be enforced, and that includes serious consequences.

  4. Anonymous Coward
    Black Helicopters

    On behalf of the USofA

    I humbly say, "sorry, chaps". We're not all lunatics over on our side of the pond.

    I did just finish watching the HBO min-series on Elizabeth I. I'll say no more...

  5. Anonymous Coward
    Alien

    My flabber is so gasted !

    Sensitive information being sent in plain text over public networks ?

    "So remember when you're feeling very small and insecure

    How amazingly unlikely is your birth

    And pray that there's intelligent life somewhere out in space,

    Because there's bugger all down here on Earth"

    Thank you mister Idle.

  6. Nev
    Black Helicopters

    Drudge Report

    How about giving the domain to drudgereport.com and see if he's as willing to publish a "world exclusive" about his commander-in-chief's flightpath as he was the deployment detail of that Prince.

  7. Herby

    Probable reason...

    When you address something to "mildenhall", the mailer just adds the ".com" by default. The lazy id10ts in the US Air Force just thought that they should send to "mildenhall" and did so. Oh, we need to add something like ".af.mil" on the end has no meaning to them.

    So much for passing the "internet" test. Maybe the military should get browsers/mailers that DON'T put in defaults (or at least have an option to do so). Add criticism of your mailer of choice here.

  8. Grumous
    Stop

    ENCRYPT!

    The phrase "military-grade encryption" is banned forthwith, except for references to pig Latin and ROT13.

  9. Chris iverson
    Coat

    damn

    could bother to check the address could they

    my Tax $'s at work more or less

  10. Geoff Mackenzie

    Fantastic!

    I would have assumed they would manage to send such critical information by a relatively secure and private method, but they can't even manage to send it to the right address! That's just priceless.

  11. Leigh Smith

    Typical

    Gary should thank his lucky stars that they haven't demanded his head for circumventing US national security because the UK government would have handed him over without a fuss.

  12. Chris C

    Ineptitude to the inifinite power

    I've always known (since before birth, in fact) that the U.S. government was a bunch of incompetent, inept fools. But the DoD created ARPAnet which, in time, became the internet we now know and love/hate. So it seems somewhat ironic that the military can't even figure out the difference between .com and .mil, or figure out that sending classified information in unencrypted email isn't a good idea. Everyone found doing so should be severely sanctioned.

  13. andy
    Black Helicopters

    "gave his address to spammers."

    "gave his address to spammers."

    C*nts... Lucky it wasn't me, i'd have got my own back by selling anything that came through to Iran and China...

  14. Chris Price
    Pirate

    Uhhh....

    I was under the impression that DARPANet was still active in some form. If not, surely my tax money has been partially spent on an "Undernet" that the military sends sensitive and classified info on.

    Apparently not. KP duty for all involved.

    Jolly Roger because the lack of understanding of domain names has me feeling scurvy.

  15. Anonymous Coward
    Coat

    And the flipside...

    There is, or used to be, a porn magazine called Whitehouse.

    With a website.

    Yes, people got confused.

  16. Anonymous Coward
    Stop

    Seems bogus to me

    Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff.

  17. Anonymous Coward
    Anonymous Coward

    Well if you hadn't insisted that .us was useless...

    I can't help noticing that the Yanks' problem stems from the fact that back in the mists of time someone thought it would be a good idea to have a-national TLDs. The rest of the world seems to get by with, for instance, .co.uk but almost no one in America seems to be aware that national TLDs exist.

    Now if they'd be really smart, back when they invented DARPANet they'd have ensured that all mis-directed emails were sent direct to .nsa.us for 'help' in 'forwarding' them to their 'correct' recipients.

    God knows what the militaries of *other* nations are sending around out there... Of course, in the case of my original home country it's probably something about migrating polar bears and cases of beer.

    jon

  18. Mad Hacker
    Flame

    so the fact they are sending classified emails in cleartext isn't a concern?

    Seems they are focusing on the wrong issue here.

  19. Anonymous Coward
    Paris Hilton

    The old joke about military intelligence?

    This is really scary:

    1. Sensitive and secret information sent to a member of the public.

    2. Sensitive and secret information sent to same member of public after being informed that said information was going outside the military.

    3. Sensitive and secret information being sent by email in the first place.

    I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms? Have they heard of Network Security?

    As with all secure systems, they are only as secure as the weakest link, which is usually some new and underpaid slack-jawed yokel who has no training and/or don't give a damn. Only in this case, said yokel is wearing a uniform, and probably has easy access to weapons and ammunition.

    Paris? Well, I'll leave it to you to work out.

  20. Anonymous Coward
    Anonymous Coward

    WTF?

    Why would they send the presidents flight path and battlefield strategies, passwords, etc in email? Email is the least secure application. I assume these are unsigned and unencrypted if the guy at .com is able to read them.

  21. Christoph

    Security theatre

    When Bush goes on a foreign visit they impose ludicrous security. Even in a friendly country they close down large chunks of the local city while he's driving through.

    Ad then they send details of his movements in unencrypted email to the wrong address?

  22. Anonymous Coward
    Pirate

    Guilty of receiving mail not addressed to him?

    AC at 2008 22:18 GMT: "Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."

    There's one in every thread, right?

    Maybe he couldn't be bothered to work on behalf of dimwits.

    I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either.

    Pirate icon because the old idea of luring passing ships into the stones is alive and well.

  23. Rick
    Gates Horns

    very simple explination

    the lazy bums in the military are using M$ outlook at their email client and the idiots probably have autocomplete set up which is defaulting to .com.....Military Genius at work!!!!

    >/the picture if you scroll over says it all...

  24. heystoopid
    Paris Hilton

    And these

    And these are the same wankers hired to protect us from the illusion of a terrorist hiding behind every tree , bush , power pole rock or garden fence in the land waiting for the signal to frag us at the earliest opportunity !

    Say , where can I find the yellow brick road to run away from these wankers all , as I do not feel safe all of a sudden as they might get the itch to play "Thermo Nuclear War Games" for real !

  25. Remy Redert

    @Rick

    Actaully, that would be Military Intelligence at work. Military Genius (and for that matter, Tactical planning) was when someone shot an F117 down with an unguided missile because said F117 took the same flight path after every singly bombing run.

    That's Military genius on both sides, btw. The US side for not figuring out that that's a pretty bad idea (tm) even with a stealth jet. The opfor guys (can't remember who it was atm) for figuring out that even if you can't see it on radar and needn't bother firing IR seekers at it, you can still take it down with an unguided missile if you aim properly. The readers get to guess on which side the oxymoron is.

  26. Jeremy
    Paris Hilton

    As the owner of a relatively simple Gmail address...

    I get all sorts of stuff, mostly boring drivel like photos of people's babies, and last week someone called Jan signed me up at Hillary Clinton's website... wonderful! Some mildly interesting stuff like "Thankyou for your order of xxxx from zzzzzz" and yes, occasionally quite sensitive stuff too, An unencrypted, unpassworded Excel docs about some policy holders of an American health insurance company was probably the highlight :) At least the sender had the decency to apologise when I pointed out her snafu... Shame, I've never had anything marked Eyes Only, that would surely be a fun read...

    Paris icon because even she can type an email address right (maybe).

  27. Anonymous Coward
    Coat

    RE: And the flipside...

    I could certainly understand the confusion while Clinton was in office

    Mine's the one with the stain on the lapel and the cigar in the pocket

  28. Anonymous Coward
    Anonymous Coward

    Wrong people to alert...

    Surely he should have alerted MI5/6 instead?

    They would likely have happily devoted resources to taking out the military stuff for him on an ongoing basis. ;->

  29. George
    Flame

    From the people who brought you the Patriot Act...

    whats the point of all this encryption when dullards are just sending it out to anyone that looks vaguely right.

    And does Patriot Act stop this? Of course not and to think this is found by accident not some high level secret investigation. They are sending it out to anyone who looks familiar in adressing terms.

    The weak point in any security is the user.

    Flame? We're all going to hell in a handcart thats why!

  30. Stuart
    Go

    Where are the Ambulance Chasers??:- AC acronym now ruined

    OK, so US military personnel are responsible for this poor guy having to shut down his website as they put him on a spam list. I'd encourage him to seek legal advice as there is a direct cause and affect relationship between these dickless yanks behavio(u)r and the loss of a HUGELY profitable website plus a huge amount of time spent trying to bounce the dumbasses mail and deal with the not quite so dumbass spammers (at least they make money from it:-).

    Coud be fun and several opportunities would present themselves:-

    -Court discovery, publishing all the e-mails with great potential for love affair junk. Hey it's the land of Bill and Miss Screwinsky and NASA diapers (nappies).

    -Bribery possibilities in relation to above.

    -Crazy justifications, that launching spam at the UK aids in the U.S.'s war against terror as Osama can't resist joining in.

    Anyhoo AC doesn't mean Anonymous Coward anymore we need some opportunistic lawyers round here.

    -Which leads on to :-

    @AC's comment-'Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used?'

    I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get.

    In closing the Go just to negate the AC's Stop and Doofus, doofus, doofus, sorry they were tearing at my fingers:-)

    and hey I'm Stu so kiss my rounded posterior...come on, pucker up a bit :-P

  31. Anonymous Coward
    Happy

    that didn't take long

    Acting on your tip the millhaven.us domain was snapped up 20 minutes ago - an "Under the Desk" lad in London....

  32. Anonymous Coward
    Coat

    Suprised?

    These are the guys who regularly have trouble differentiating between TLDs. Confusing .iq with .pk for instance :-P

    It's the bomb-proof one thanks.

  33. Anonymous Coward
    Paris Hilton

    @Stuart

    "I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get."

    I hope you're not a mailserver admin, because you obviously don't know the difference between From: and To:

  34. lglethal Silver badge
    Joke

    Lets Face it...

    Anyone DUMB enough to WILLINGLY put themselves in front of people who want to kill them at the first opportunity probably isnt the most tuned-in person in the world.

  35. Anonymous Coward
    Jobs Horns

    Evil

    If it was me after all that, I would have bodged a perl script to send all emails coming from the IP ranges in military emails (with very wide subnet to make sure and some other sanity rules) to a conspiracy black helicopter usenet group and forward the replies from people reading that group back to the senders. Eventually creating a conspiracy military loop where everything is true.

    Some spam would come through but by that point it would be thought of as a stenography test to work out why a cat falling off a shelf is being posted after AirForce One flight paths.

  36. Captain DaFt
    Alert

    Two words for this

    Peter Principle:

    NOUN: The theory that employees within an organization will advance to their highest level of competence and then be promoted to and remain at a level at which they are incompetent.

    Nothing explains Military intelligence* better!

    *The ultimate oxymoron

  37. Chris Hobbs

    Video Compression at its best

    "...to videos up to 15mb in size..." That shews the sophistication of the USA security forces: when you can compress an entire video into 15 millibits (say 1/67th of a bit) then you can claim to have done something really useful. This is presumably a new sort of video encoding that hasn't been made public yet---still a military secret. It'll make my video iPod look enormous when it is finally released.

  38. amanfromMars Silver badge
    Alien

    Need to Know.... The Ultimate Cop Out for Serial Incompetents ....in Dirty Tricks?

    "Surely he should have alerted MI5/6 instead?" .... By Anonymous Coward Posted Monday 3rd March 2008 23:23 GMT

    One assumes that they were mentoring the situation, AC. If not, then they would be practically useless and unworthy of the Intelligence moniker...... which is always a possibility, no matter how unpalatable that may be, for there are precious few signs [some would say, no signs] that British Intelligence is Leading anything.

    And although that could be desirable, because there is no Progress through Intelligence on the Ground, it is not present ...... just in case so smart ass says that they are Working and Leading ...but it is SuperStealthy and therefore unlikely to be widely known.

  39. Anonymous Coward
    Stop

    this is not the only case

    I have yet to figure out who the emails from the NHS hitting one of my domains are actually directed to

    i considered selling the information they have sent, but i figure the NHS would just undercut me by losing a CD of data for a lower price

    i wish i was kidding, but one of my unused domains from a failed project does get the occasional email from NHS senders, presumably to a company they work with by the corporate sounding domain but i can't find anything even similar that it could be destined to... just waiting until they send me some highly confidential medical records or something to forward to el reg...

    makes you think just how widespread incompetence is, multiply how often it happens, with the number of different government departments sending confidential information, then figure out if you want to hand over your details to an ID card project run by these people - who i presume will be using the same top of the range security practices they currently use, emailing your details to "somewhere that might be the central server"

  40. Michael
    Coat

    to quote mel gibson

    I wish you wouldn't use the word "intelligence" to describe what it is you do.....

    Dont suppose theres a taliban.com somewhere???

    Mine's the strait- jacket please.

  41. Bruce Sinton
    Paris Hilton

    The Buck stops

    with Freedom Fighter George Tree or Scrub, some name like that.

    Maybe he was sending the messages , and they hadn't explained about how that internet thing worked.

    As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President.

    Paris because she would get on well with him

    Peace and Joy

  42. Anonymous Coward
    Black Helicopters

    Here is a title as the REG server gets upset if you dont have one.

    Just want to say I am surprised.

    Why haven't they sued him for Cyber squatting yet??

    Seriously, If this happened to me, and I had told them what was happening and they did not sort it out; I'd start selling the less critical but still interesting stuff to the rags; err newspapers. Never can have enough money, just ask Bill.

    One last thought, anyone visited Whitehouse.org I wonder what THEY find in their "In Box" ??

  43. Steve Liddle
    Unhappy

    Still on the Internet Archive

    Owner is a friend of a friend, was amazed at the sort of information the yanks will share with everyone and not check that it going to the right place

    Seems the guy wanted genuine mail address to him and some friends @sitename but did not want the whole us base to use his website, especially when they would never receive it :)

    http://web.archive.org/web/20070328175245/http://www.mildenhall.com/

    To read the whole site would have taken a good hour, but the site only partly archived it

  44. Anonymous Coward
    Anonymous Coward

    @Guilty of receiving mail not addressed to him?

    > I, for one, suck in any e-mail addressed to nonexistent addresses on my domain,

    > no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true.

    > You wouldn't believe the number of imaginary addresses spammers try, either.

    Only problem that way is that as far as spammers are concerned the email was delivered correctly and possibly read ... as a result its a "good" email address for them to retry/sell etc which will do nothing to reduce the spam you have to process.

    I have mine to send a standard "non-existant address" bounce to any email to my domain to a non-recognized username.

  45. MikeC

    @ On behalf of the USofA

    This TV show with Eliabeth I...it wasn't called Blackader was it?????

  46. Busted
    Alert

    What do you expect?

    This is the same lot that can't even distinguish between friend and foe on the battlefield what chance have they got with a simple domain name.

  47. Kevin Johnston

    Misdirection

    I had a Business grade ADSL line from BT provided by a company I worked for and along with it came a BT email address. Having more than enough accounts already I simply set and autoforward to my Yahoo junk account in case anything of interest came through.

    A certain Airline (in the Americas) seem to use BT email addresses for all their business and someone in their PR has the same name as me and I got some wonderful emails through about new route planning and promos for journalists but unfortunately even though I patiently sent each one back to sender and on to the airline main address, I never got compensated. Would it have hurt them so much to reward me with a freebie flight?

  48. Anonymous Coward
    Black Helicopters

    Data

    At least our Government just looses data, it seems theirs likes to give it away.

    And I would have just set up another site to post the contents of the e-mails to. After all I've not signed any US official secrets act and they kept gaving the information out even after being told about it.

  49. Anonymous Coward
    Alert

    Didn't take long!

    Didn't take long - someone in Walthamstow has now registered mildenhall.us. Nothing worth looking at there but I'd recommend caution if you are tempted to take a look, definitely NSFW!

  50. Anonymous Coward
    Anonymous Coward

    But didn't

    the people who were supposed to be receiving these mails ever notice that they weren't getting e.g. the expected flight plan for Air Force 1? Or were the senders sending out to a nice long list of possibly incorrect addresses?

Page:

This topic is closed for new posts.