back to article US nuclear weapon bunker security secrets spill from online flashcards since 2013

Details of some US nuclear missile bunkers in Europe, which contain live warheads, along with secret codewords used by guards to signal that they’re being threatened by enemies, were exposed for nearly a decade through online flashcards used for education, but which were left publicly available. The astonishing security …

  1. ShortLegs

    Ah, siteguard

    The memories of SiteGuard in BAOR during th 1980's. A week of being very tired, and very bored.

    And astounded as the average US serviceman's inept weapon handling, as characterised by the individual who followed the QRF out with a 66mm AT to the first response position; a narrow sanbagged area just wide enough to squeeze down whilst in CEFO, with a wall behind it....

    1. bpfh

      Re: Ah, siteguard

      That’s called an own-goal, no? And as for being tired…. “Exhausting” I think is the correct term…

      <shudder>

    2. Anonymous Coward
      Anonymous Coward

      Re: Ah, siteguard

      I'm generally unimpressed by US people compared to UK ones. I once sat in a meeting which turned into the sort of "eyes only" I was not cleared for but the US chaps present would have just waffled on if I had not stopped them and then removed myself.

      Here's a tip on handling secrets: the fewer you know, the fewer you can leak, even by accident, and the fewer you can be accused of divulging. This is why it's always a good idea to try to brief people from public sources, a trick I picked up from a now retired Colonel.

      This becomes double important if you have to brief politicians because they're like colanders when it comes to secrecy - if it suits them politically they'll be on the phone to their buddies in the press before you have even left the room, so by sticking to public data you avoid both disclosure and accusations.

      Handling secrets isn't that hard. Keeping them is harder.

      1. Anonymous Coward
        Anonymous Coward

        Re: Ah, siteguard

        If, hypothetically, I had a clearance, one of the most valuable things I would have learned from a colleague (if I had one, obviously) was to avoid curiosity. Yes, I hypothetically may have gone interesting alleged places and spent, conceptually, some time in rumored facilities that one might infer existed, but the amount of sensitive information the alleged author might have hypothetically ingested is minimal, if it existed at all, which it might not.

        My favorite situation (hypothetically speaking, etc) is where those "read in" to a site can say less about it than the local officials, because of shared facilities and "channels".

        1. Anonymous Coward
          Anonymous Coward

          Re: Ah, siteguard

          We've all been in those situations where the "shape of the hole" in the information publicly available is obvious and there have been leaks in the media (of objectives and codewords) so you're able to have an almost productive information while your 'read-in' colleague can't say anything at all or even nod at the right points.

          "so hypothetically, if someone needed to do X, how would you personally approach the problem?"

          "if this was going to happen, would you know who's likely to be involved with it and, if so, let them know about a possible conflict with project Y"

          1. Grinning Bandicoot

            Matryoshka

            When mattryoshka is your policy, you suspect others of being of the same mind. I've seen on other sites that the Soviet shuttle version, Buran, was created because Senior Soviet military could not believe that the Yankee statements of purpose about Space Shuttle. The Son Tay POW camp raid was leaked the Buz Sawyer graphic strip probably to test the water before the official announcement. Before Operation Eagle Claw I watched aircraft where the official pronouncement of no such aircraft existed practice low level cargo extractions. These fell outside of the official clearance path but without any documentation any 'talk' is just fodder for social media.

            MORAL: Don't get involved with the clearance process and watch what disappears from view or gets obfuscated and from build your picture with clear conscious. But forget not Matryoshka.

            1. bpfh

              Re: Matryoshka

              The "shape of the hole" is an interesting concept. I moved to France in 1991, and watching both British and French news about the latest goings on in Iraq, and was interesting to see that the different state media organisations had very different takes on the on-goings, and things reported in one country were totally avoided by the other and vice versa.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ah, siteguard

        I'm from Barcelona.

  2. Mishak Silver badge

    Oops

    Need I say more?

  3. Yet Another Anonymous coward Silver badge

    Flashcards ?

    Why do I have a picture of little camo-clad heroes sitting cross legged in a circle around a sergeant, while he holds up a flash card and says

    "Now children who can tell me what kind of bomb this is ?"

    1. Anonymous Coward
      Anonymous Coward

      Re: Flashcards ?

      Similarly, I first thought that somehow the nucular secrets had been stegano- or otherwise encoded into a flashcard deck used by elementary school teachers or home-schooling parents.

    2. imanidiot Silver badge

      Re: Flashcards ?

      The average US army grunt isn't exactly known for his impressive brain powers. They're training methods are therefor often aimed at "lowest common denominator" and rather simplistic/childish.

    3. Anonymous Coward
      Anonymous Coward

      Re: Flashcards ?

      At least it wasn't a kahoot (i.e. "lets gamify learning by reducing it to short multiple choice snippets")

  4. elDog

    Staffing these sensitive sites with young people is also an invitation for fun

    Bellingcat link: https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/

    Those young men (and some women) enjoy social media more than most.

    Bellingcat has taken good advantage of the carelessness of military and intelligence personnel as well as using openly available databases of private information.

    1. Blazde Silver badge
      Mushroom

      Re: Staffing these sensitive sites with young people is also an invitation for fun

      Great discussion of "inert nuclear bombs” in the link. Those are my all time favourite kind!

      1. Tim Hines

        Re: Staffing these sensitive sites with young people is also an invitation for fun

        Where's the earth shattering kaboom?

        1. slimshady76
          Joke

          Re: Staffing these sensitive sites with young people is also an invitation for fun

          Ask yer mum!

    2. Androgynous Cupboard Silver badge

      Re: Staffing these sensitive sites with young people is also an invitation for fun

      Bellingcat continue to impress, in a very big way. Hats off.

    3. imanidiot Silver badge

      Re: Staffing these sensitive sites with young people is also an invitation for fun

      I'm still very surprised (US) military personnel are even allowed to bring personal devices onto the base to begin with.

  5. Pascal Monett Silver badge

    “investigating the suitability of information shared via study flashcards"

    No. What they are investigating is who the hell thought it was a good idea to post military operational secrets online and why the frak did they not tell Google's robots to not index that.

    And that all boils down to : guys, it was last millenium. In this millenium, you still have soldiers who wear their FitBits in combat zones. Nobody understands the security risk of the Internet, but everybody can contribute.

    Is this supposed to be a surprise ?

    I think it'll take another hundred years before the military nails down the proper procedures.

    Either that, or 100,000 losses. It's a toss either way.

    1. Anonymous Coward
      Anonymous Coward

      Re: “investigating the suitability of information shared via study flashcards"

      I suspect the people posting it didn't know it was going online. I have noticed the young people today use their phone as a post-it note to grab logins, errors, logs etc. I'm guessing a bunch of these get synced online.

    2. ThatOne Silver badge

      Re: “investigating the suitability of information shared via study flashcards"

      > Nobody understands the security risk of the Internet

      If they don't even understand Internet's potential risk to their very own security, why would they care for stuff which doesn't even belong to them...

      It's the same "what could happen"/"nobody cares anyway" which excuses posting their most intimate details online for everybody to see, for all times. Convenience beats all other considerations, especially since in this case they don't really care for the stuff they are supposed to guard, they just go vaguely through the motions.

    3. John Brown (no body) Silver badge

      Re: “investigating the suitability of information shared via study flashcards"

      "No. What they are investigating is who the hell thought it was a good idea to post military operational secrets online and why the frak did they not tell Google's robots to not index that."

      There are sites out there full of questions and answers to specific online training courses. People do the training and take the exams and upload the details, screen-shots etc. Sometimes it's easy as typing the course name into Google and you can find all the answers to the exam you about to take. Or so a friend tells me.

      1. Diogenes

        Re: “investigating the suitability of information shared via study flashcards"

        why the frak did they not tell Google's robots to not index that."

        Because they are 3rd party quiz generation sites. I use a few of them for the classes I teach

  6. Anonymous Coward
    Devil

    I predict the response

    They will issue a new, enhanced, and at least an order of magnitude more expensive contract to one of their tried and true contractors to implement a flash card training system which can handle Sensitive Compartmented Information. They will shove it into the Black Budget with no oversight. We won't know anything about it until its data is left exposed to the public. And it will be.

    1. Anonymous Coward
      Anonymous Coward

      Re: I predict the response

      It will end up being the exact same vendor again.

      1 They are already a trusted vendor, so it will be easier to hire them again rather than get a new vendor vetted and added to the trusted vendor list (much less paper work).

      2 They are the people who are most familiar with the systems and the problem, which mean that getting up to speed will be fast and fully understanding the systems will be negligible compared to bringing a new vendor up to the same level of knowledge. And they are already familiar with all the internal billing and reporting systems.

      3 Problems just like this (<insert problem name here>), were already included in the initial budget request for the overall project, if they changed vendors that would initiate an investigation, red flags would be raised and a whole new budget submission would be required. And no one wants that level of paperwork.

      So it will be the people who caused the problem who will typically be tasked with fixing the problem. In reality there is very little incentive not to screw up, screwing up gets extra money for a vendor.

      1. You aint sin me, roit
        Trollface

        "We f*cked up this time, we've learnt our lesson..."

        "We'll f*ck up even better next time!"

        1. imanidiot Silver badge

          Re: "We f*cked up this time, we've learnt our lesson..."

          No, no.

          "We f*cked up and got caught this time, but we've learnt our lesson"

          "We'll make more effort not to get caught next time!"

  7. Kevin McMurtrie Silver badge

    Shhh!

    It's OK. The URL is secret and nothing links to it. It's not like some search engine monopoly gives away free browsers that record all typing in the URL bar.

  8. amanfromMars 1 Silver badge

    Strictly Need to Know ...SCI/Top Secret COSMIC Materiel/MkUltra Sensitive and Potentially Deadly

    Think of it this way: if you’re uploading sensitive data to a website that isn’t operated by or contracted to your company (or the government in this case), you probably shouldn’t do it. Particularly if you're guarding nuclear weapons. ....... Gareth Corfield

    Do governments operate websites and have proprietary intellectual property ownership of that which they host, or are they just remote proxy agents for the produce of others, which they may have made mutually beneficial positively rewarding arrangements to pay source for, in order to try and ensure continuity of great service, or do they more often try to virtually steal it and pirate it and profit from it themselves with the use and/or misuse and/or abuse of transformative information they have been provided with either directly from a source in any initial communication from such an agent, exploring exploitation of their needs for future seeds and feeds ..... or indirectly from information gleaned from source via communicative postings elsewhere to A.N.Others?

    To practice such latter shenanigans with particular regard to any NEUKlearer HyperRadioProACTive IT Class of Weaponry is an extremely costly mistake to make and expensive chance to take and lose, rather than win win in with sensible sensitive secure stealthy engagement and simple worthy payment to sources for services required and to be immediately readily supplied and fighting fit for future great and good purpose. You know, the exact sort of thing which the Ministry of Defence Digital Strategy for Defence [April 2021] are looking for, and presumably assuming there will be £billions made available to them to deliver.

  9. Phil O'Sophical Silver badge
    Mushroom

    secrecy

    If you drive around near Nantwich in the UK you'll find several brown tourist signs giving directions to the "Secret Nuclear Bunker". Always makes me laugh.

    1. Tim 49

      Re: secrecy

      There's one near Kelvedon too, with accommodation for 600 peeps. The "Prime Minister's Bedroom" room on one of the lower levels has a lifesize model of John Major propped up in the bed with a big grin. Couldn't see if Edwina was down there.

      The bunker's sewage plant could store considerable amounts in huge tanks, according to the signage. When full, compressed air would be used to eject the contents of the tanks upwards and outside via vents. I'd imagine that if you were one of the pissed-off proles trying to batter your way inside to safety, you'd have been even more enraged when the megaspats started to rain down.

    2. Paul Crawford Silver badge

      Re: secrecy

      Same in Scotland, usefully signposted...

    3. Timbo

      Re: secrecy

      "If you drive around near Nantwich in the UK you'll find several brown tourist signs giving directions to the "Secret Nuclear Bunker". Always makes me laugh."

      That's the one at Hack Green, which is open to the public too.

      And, to be fair, it is a decommissioned bunker and one that is very entertaining to visit, as there's quite a lot of old tech in there too...I've been there a couple of times and it's always interesting :-)

      There's another similarly signposted "secret nuclear bunker" near Kelvedon Hatch in Essex:

      https://secretnuclearbunker.com/

    4. Timbo

      Re: secrecy

      The Hack Green bunker is listed here:

      https://www.visitcheshire.com/things-to-do/hack-green-secret-nuclear-bunker-p30131

    5. Timbo

      Re: secrecy

      I made 2 posts about the bunker near Nantwich, but both are awaiting approval from the mods...been 22 hours now !

      I assume they are waiting as both contain the word "H A C K" as in H A C K Green which is where the bunker is ! (And this being a techy website so the above word might be on a "watch list" of unacceptable words...).

      Or maybe I'm just being observed by B I G B R O T H E R and his holding company ;-)

      I'll pop into MY bunker and keep my head down for now, just in case ;-)

      1. JudeK (Written by Reg staff)

        Re: Re: secrecy

        We did some work on our backend systems over the weekend, including article comments, and there were a few gremlins, which our tech team has fixed now.

        This meant some of you submitted a comment at the weekend and are only seeing it now. We’re sorry for the inconvenience.

        (The truth is: we heard the sound of a helicopter, and then a ceiling tile moved, and a shadowy figure silently rappelled down from the ceiling into Vulture HQ. They took our editor and stole our biscuits, and then I posted this as a response to Timbo's commennnn... NOOOOOOOOO! YOU'LL NEVER TAKE ME!)

  10. Conundrum1885

    Secret nuclear bunker

    We have one here. It was open to the public not so long ago but unfortunately missed it.

    1. Alan Brown Silver badge

      Re: Secret nuclear bunker

      I wouldn't classify being missed by a smelly brown megasplat as unfortunate

  11. Earth Resident

    The minute I read Bellingcat...

    I became skeptical. I will not accept that a corrupt, fake cutout of an investigative organization could accomplish anything worthwhile. Perhaps this bogus story is an attempt to burnish their Bona Fides?

  12. Anonymous Coward
    Anonymous Coward

    ... in Russian

  13. This post has been deleted by its author

  14. John H Woods

    And we wonder why ...

    ... the Russians are kicking our arses in "cyberspace"

    1. imanidiot Silver badge

      Re: And we wonder why ...

      To be fair "ze Russhians" are having similar issues and lots of operational details on their systems have similarly been leaked. This isn't strictly a US/western military problem.

  15. Mike 137 Silver badge

    Helluva choice of service

    Chegg " the leading student-first connected learning platform"

    With contractual liability limited to the greater of 6 months' subscription fees or $250, a specific disclaimer of warranty in respect of security and posting " information that poses or creates a privacy or security risk to any person;" listed as prohibited content.

    If it's a convenient online service, nobody, including apparently those responsible for our nuclear defense, ever reads the darned contract.

    1. Malcolm Weir

      Re: Helluva choice of service

      "Responsible" is doing a lot of heavy lifting in that last para!

      The flashcards are quite obviously from "kids" (people less than, say, 25) who are trying to complete their required training courses. They are, of course, in some way "responsible" for the security of the weapons (in that they're likely to be the ones holding the gun pointed at an intruder), but what this really shows is a management failure....

  16. Anonymous Coward
    Anonymous Coward

    Not Just Europe

    Nuclear weapons bunkers have been strewn across North America ever since the cold war 60s, specifically an Air Force Base tells the locals the base hosts only jet 'fighters', when those fighters were really fighter bombers designed to carry tactical nuclear weapons and each base had a series of "ammunition" bunkers that held the nukes.

  17. Anonymous Coward
    Anonymous Coward

    Mushroom shaped Cloud

    I recall an anecdote, told by a colleague who had just transferred from a UK military project about doing an online search to see if anyone had a reference architecture for the kind of thing they were doing and being surprised to see their own (most secret) documents show up. It turns out the programme manager had bought a new NAS drive for home which (this would have been about 2005) had the then new feature of backing up to cloud AND indexing for search engines. Everything presented to the client was now available through Google.

    1. Korev Silver badge
      Mushroom

      Re: Mushroom shaped Cloud

      Wouldn't that be a RNAS drive then?

      The cloud computing icon even though Fleet Air Arm haven't been allowed those toys for ages ->

  18. steelpillow Silver badge
    Big Brother

    Can't help wondering

    how many national security/spy agencies around the world have their own wayback machines

  19. jdiebdhidbsusbvwbsidnsoskebid Silver badge

    Really?

    Hmm, so first up, I've not actually read the Bellingcat article and appreciate the answer might be in there. But has anyone checked the information leaked and confirmed it's accuracy?

    It might be some deliberate misinformation designed to reveal an intruder. The alleged "stress words" might actually be words chosen to identify an intruder.

    Or, it might genuinely be an operational SNAFU, which is the simplest answer?

    1. imanidiot Silver badge

      Re: Really?

      Like anybody with actual clearance would ever confirm the data was real?

    2. Wim Ton
      Holmes

      Re: Really?

      Never attribute to malice that can be attributed to stupidity.

  20. This post has been deleted by its author

  21. Danny 2

    Put your foot in your mouth and then shoot yourself in your foot with a nuke

    UK Trident submarines can berth at a few ports, plus a dozen or so offshore "X berths". All at risk from enemy attack or domestic accident. Nearly two decades ago the government ordered the Royal Navy to draw up emergency plans to quell local fears at each location, which of course led to panic and anger.

    By then I was a well kent peace protester, albeit accidentally, and I attended the Skye Broadford bay RN public briefing. It was a crowded hall with folding chairs and by the time I arrived late the seats were full and scores of people were standing. The police and the RN were obviously waiting for me to do something, which sounds delusional but they escorted me to one one empty seat in the middle. All the navy bods looked directly at me as they were spraffing their PR spiel. I was just there to hear what was said, I said nothing, I did nothing. I hadn't planned to, and I didn't have to. The crowd got angrier on their own.

    To begin with the RN put up a map showing a five mile radius around Broadford bay X Berth from which everyone would be given anti-radiation tablets and evacuated to the local hospital in the event of an accident.

    One local asked, "How will we know?"

    "The police will drive around announcing it on loud speaker"

    "What about the deaf folk?"

    "Err..."

    "I've a question. You said you'd remove casualties to the hospital outside the danger zone. Have ye no looked at yer map the hospital is inside yer red circle?"

    "Errr..."

    Much fuming and gnashing of teeth, nearly an unplanned riot.

    Apparently the PR exercise went even worse at other X berth locations where locals had found out the history of numerous previous accidents that had led local police to say they would not participate in any clean-up.

  22. Bitsminer Silver badge

    Icon Request

    Slim Pickens as Major "King" Kong riding the Bomb down to Armageddon.

    Please.

  23. anothercynic Silver badge

    Standard really...

    If you want to be horrified by how the DoD and the US military deal with nuclear weapons (or anything related), I suggest you read Eric Schlosser's Command and Control (Amazon Kindle). It is... frightening to say the least. The amount of times this planet has come close to a massive nuclear blast other than a test is just a little too much.

  24. This post has been deleted by its author

  25. Danny Boyd

    So now...

    ... what was known to Russian and Chinese intelligence services for quite a long time, has become a general knowledge. Good for Western powers. Keep up a good job stepping on your d*ck!

  26. steelpillow Silver badge
    WTF?

    Blocked posts

    I have made three attempts to post here over the last four days; two remain in moderation, the third has no moderation notice but still has not been published. Can anybody explain what is going on here?

    1. JudeK (Written by Reg staff)

      Re: Blocked posts

      Hello steelpillow,

      We did some work on our backend systems over the weekend, including article comments, and there were a few gremlins, which our tech team has fixed now.

      This meant some of you submitted a comment at the weekend and are only seeing it now. We’re sorry for the inconvenience.

      Best

      Jude & the rest of the vultures @The Reg

  27. steelpillow Silver badge
    Big Brother

    Can't help wondering

    How many national security/spy agencies around the world have their own wayback machines.

    Or why the first copy of this post has sat awaiting moderation for over three days now, while other commentards are being accepted. If I have hit a nerve, then dithering is a fucking stupidly transparent way to cover up. And if I haven't hit a nerve, then WTF do our vultures think they are (not) doing - and why?

    1. JudeK (Written by Reg staff)

      Re: Can't help wondering

      We've had tech problems on comments over the weekend which our incredibly hardworking tech team has now ironed out.

      This team really, really, really cares about readers and serving the readers and we all especially want this space to be a good place to chew the fat.

      To be completely frank, this comment is the last thing any of us would want to read coming back from a long weekend.

      1. steelpillow Silver badge
        Pint

        Re: Can't help wondering

        Thanks, guys. I thought the obvious paranoia about redacting spooky truth (RIP Spooky Tooth) was a bit, uh, paranoid. May I offer you one of these icons. all round.

        1. JudeK (Written by Reg staff)

          Re: Re: Can't help wondering

          Thanks mate ー(  ̄▽ )_皿~~ much appreciated!

        2. Danny 2

          Re: Can't help wondering

          I use a free Proton Mail account. About two months ago I was spamming all my contacts because I was on a roll and had important information. None of my emails arrived, and they weren't in my outbox either.

          I've had run-ins with the security services so Occam's Razor. It took me a day or two to read the Proton Mail terms of service. 150 emails a day at most, and I'd hit that limit by noon. Not the security services, I was a victim of my own verbosity.

          I catch up with my first love via email, but yet she doesn't seem to receive what I write. She explained, "Well I read the first one then I just delete the next ones."

          I cancelled my internet partly to save money but mostly to lessen my addiction.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon