And Just Why Are Military Officials Sending Top Secret Info Over Email?
from the just-wondering dept
The Register has a story about how the guy who ran the website mildenhall.com (which promoted the village of Mildenhall in the UK) has completely shut down the website following pressure received from US officials after they discovered that emails intended for Air Force personnel at the Mildenhall Air Force base (who uses the domain mildenhall.af.mil) were being misdirected to the owner of the .com site. We've seen similar stories of misdirected emails in the past, so perhaps this isn't a huge surprise. In fact, a similar issue may have opened up the Justice Department to one of its big scandals last year, when emails intended for addresses at whitehouse.gov were sent instead to whitehouse.org. However, the question remains why anyone is sending top secret info, such as the whereabouts of President Bush as well as battlefield strategies and passwords, over unsecured email accounts in the first place? Isn't the military supposed to keep those things off the main grid?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: domain name, email, mildenhall, military base
Reader Comments
Subscribe: RSS
View by: Time | Thread
The wars of today
[ link to this | view in chronology ]
"Uh, are you the owner of mildenhall.com? Yeah... we're gonna have to ask you to take down your site. Why? Because we employ a bunch of retards. Also, we'd like to please ask you to forget about that secret list of WoW, Second Life and Eve-Online suspected terrorists we sent you. (That bastard luvspoontang who killed my paladin is gonna pay.) Anyway, we realize that we have absolutely no right to ask this of you, but do take down your site. If you don't, we'll make your life hell with all kinds of costly law suits. You won't be able to afford an Internet connection, much less run a site."
::5 minutes of laughter:: "You're serious? I realize that you can't see me flipping you off through the phone, but I'm doing it anyway." ::click::
~Brian, who loves seeing his tax dollars at work.
[ link to this | view in chronology ]
Re:
I think it would be more like:
"You are operating mildenhall.com specifically to confuse military personel"
"Look ol' chap, Mildenhall is a village in the UK..."
"In addition, you are stealing secret military communications in direct violation of US and military law. The lives of Marines are at risk. MARINES!! You low-life. You won't survive the first hour of boot camp."
"See here my good man, I am not subject to..."
"We risk our lives to save your worthless hide, to protect your precious rights."
"Yes, but..."
"Surrender it now!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Wanted: IT Professionals in the Government
It doesn't take much for information to get out so I guess that's why we have encryption? Right?
I say hire more people that know what they are doing...
I would gladly pay taxes for that...
[ link to this | view in chronology ]
Let's try reading before commenting ...
Now, to the meat of the article. Mike is right, this info is supposed to kept off the main grid. Just like everything else, once you add humans to the equation then anything can happen. What I'd like to see is the USAF request any addresses that sent classified info from the site's owner. Then, immediately suspend those accounts, provide refresher training, and review whether or not the individuals still need access to the off-grid systems.
[ link to this | view in chronology ]
Re: Let's try reading before commenting ...
Therefore I can actually see a very likely correlation indeed between numbers of moronic service men sending you mail and the corresponding amount of spam
But like you I read the article and the bit that got me was
"Sinnott says he brought the SNAFU to the attention of Air Force officials but was never able to get the problem fixed. At first, they didn't seem to take the matter seriously, but eventually, they "went mental," he said. Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base"
Translated: "The solution to our national security problem is for you (a foreign citizen) to do stuff for free and fix the problem for us"
Genius
So basically all the corporatly or privatly owned domain names such as whitesands.com should do the same thing?
That makes so much more sense than USAF applying proper security precautions and policies in their own system
I don't know about anybody else but I'm going looking for any unused domain names that sound like US Forces bases - anyone interested in US Military secrets should contact me in a few weeks at Area41.com
Just hope I get the domain names before Achmed does it himself
[ link to this | view in chronology ]
I wouldnt
[ link to this | view in chronology ]
Sounds like deja vu
Over the next 4 years, I'd get emails intended for them from people (some of them in the company in question) who forgot to type the '-inc' part. I would politely return each one with a note saying "Perhaps you meant to type..." and include all the attachments I had mistakenly received. Attachments like meeting minutes, schedules and draft proposals. Eventually they contacted me and we did negotiate the sale of the name. First (and last, so far) domain name I ever sold.
Oh, the company was a computer security firm.
[ link to this | view in chronology ]
LMAO
GET A CLUE. Standard email is not secure you might as well broadcast it over a loudspeaker or write it on a postcard.
[ link to this | view in chronology ]
The NIPRNET is useless
As for the military's OTHER messaging system... well... it's freakin horrid to use, and noone would want to use that unless it an official message.
So the military has two options. Use COTS email as best as they can (and punish users when they mess up), or stick with decades old technology. Which would you decide?
[ link to this | view in chronology ]
That's why...
Well, in that case they deserve what they get.
[ link to this | view in chronology ]
Re: That's why...
Of course, if it is in any way a hassle to use you can bet people will just resort to using any one of the plethora of free web-based email providers.
[ link to this | view in chronology ]
I would think the gov't could do this as well.
[ link to this | view in chronology ]
how ironic
[ link to this | view in chronology ]
the information is still encrypted
Oh and you can't "keep it off the grid" the government does not run a global telcom company it simple encrypts its information.
[ link to this | view in chronology ]
Perhaps they should use an address book
[ link to this | view in chronology ]
In defense of my fellow Airmen
Remember though there are 4 different services, 6 geographic commands, over 1 million dedicated users, and the system is constantly under attack by nations I shouldn't need to name. A little different then the small business with 50 employees, or the fortune 500 with several thousand employees.
[ link to this | view in chronology ]
Re: In defense of my fellow Airmen
That being said, that doesn't excuse the fact that these people don't know who they're sending email to, or their response to the guy running the UK site. Encryption is honestly not that difficult to implement, and should be mandatory for any confidential US government email.
[ link to this | view in chronology ]
mildenhall suffolk england
[ link to this | view in chronology ]
Right
And for all of you boobs out there assuming that all classifications of government emails are sent over the non-secure internet, thanks for proving that people still talk out of their a$$ without knowing anything.
[ link to this | view in chronology ]
Responses
@KenM -- Read the articles. The details provided make it clear that some info was sent over the non-secure network, and that it wasn't encrypted. Who's the boob, now?
The fact of the matter is that this happens. Whether it's to avoid the hassles resulting from the security, or it's people that aren't tech-savvy (older people, or just people that only use computers at work/for email & internet), it's happening. Sticking your head in the sand (knowitall & KenM) doesn't make it go away.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
PGP? GPG? Hello?!
Are you honestly telling me that no one here or in the Militerry has heard of PGP, or the GNU implementation, GPG?? I've trained artists and mothers to use Thunderbird+Enigmail to encrypt their e-mails on a regular basis. People who don't understand why they shouldn't use Internet Explorer as a browser, get why PGP is good! Everyone involved with these "leaks" is obviously an idiot.
[ link to this | view in chronology ]