NORAD
There's a norad.com registered to some Florida web hosting service. I wonder whether they get any interesting mail?
Oh, look, www.centcom.com is also registered, to some non-military folks. This game could be fun!
A website promoting the town of Mildenhall has been shut down after it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush. Over more than a decade, www.mildenhall.com received emails detailing all kinds of secret military information …
For sale: Secrets, dirt cheap!
This would have simply been a bit of a nuisance if the military personnel would use encryption on their emails. Thus, no secrets would be divulged. So why aren't any military personnel getting their hands slapped? Why aren't the military's admins getting off their worthless duffs and doing their jobs about keeping things secure?
A cousin of mine was in the military, and in his unit there was a "red" network and a "green" network. These were physically divided, with the "red" network being only accessible in one room in the building. Sensitive information was kept on the "green" network, and was not placed on the "red" network's machines. Good security has to be enforced, and that includes serious consequences.
Sensitive information being sent in plain text over public networks?
"So remember when you're feeling very small and insecure
How amazingly unlikely is your birth
And pray that there's intelligent life somewhere out in space,
Because there's bugger all down here on Earth"
Thank you mister Idle.
When you address something to "mildenhall", the mailer just adds the ".com" by default. The lazy id10ts in the US Air Force just thought that they should send to "mildenhall" and did so. Oh, we need to add something like ".af.mil" on the end has no meaning to them.
So much for passing the "internet" test. Maybe the military should get browsers/mailers that DON'T put in defaults (or at least have an option to do so). Add criticism of your mailer of choice here.
I've always known (since before birth, in fact) that the U.S. government was a bunch of incompetent, inept fools. But the DoD created ARPAnet which, in time, became the internet we now know and love/hate. So it seems somewhat ironic that the military can't even figure out the difference between .com and .mil, or figure out that sending classified information in unencrypted email isn't a good idea. Everyone found doing so should be severely sanctioned.
I was under the impression that DARPANet was still active in some form. If not, surely my tax money has been partially spent on an "Undernet" that the military sends sensitive and classified info on.
Apparently not. KP duty for all involved.
Jolly Roger because the lack of understanding of domain names has me feeling scurvy.
I can't help noticing that the Yanks' problem stems from the fact that back in the mists of time someone thought it would be a good idea to have a-national TLDs. The rest of the world seems to get by with, for instance, .co.uk but almost no one in America seems to be aware that national TLDs exist.
Now if they'd be really smart, back when they invented DARPANet they'd have ensured that all mis-directed emails were sent direct to .nsa.us for 'help' in 'forwarding' them to their 'correct' recipients.
God knows what the militaries of *other* nations are sending around out there... Of course, in the case of my original home country it's probably something about migrating polar bears and cases of beer.
jon
This is really scary:
1. Sensitive and secret information sent to a member of the public.
2. Sensitive and secret information sent to same member of public after being informed that said information was going outside the military.
3. Sensitive and secret information being sent by email in the first place.
I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms? Have they heard of Network Security?
As with all secure systems, they are only as secure as the weakest link, which is usually some new and underpaid slack-jawed yokel who has no training and/or don't give a damn. Only in this case, said yokel is wearing a uniform, and probably has easy access to weapons and ammunition.
Paris? Well, I'll leave it to you to work out.
AC at 2008 22:18 GMT: "Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."
There's one in every thread, right?
Maybe he couldn't be bothered to work on behalf of dimwits.
I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either.
Pirate icon because the old idea of luring passing ships into the stones is alive and well.
And these are the same wankers hired to protect us from the illusion of a terrorist hiding behind every tree, bush, power pole rock or garden fence in the land waiting for the signal to frag us at the earliest opportunity!
Say, where can I find the yellow brick road to run away from these wankers all, as I do not feel safe all of a sudden as they might get the itch to play "Thermo Nuclear War Games" for real!
Actually, that would be Military Intelligence at work. Military Genius (and for that matter, Tactical planning) was when someone shot an F117 down with an unguided missile because said F117 took the same flight path after every single bombing run.
That's Military genius on both sides, btw. The US side for not figuring out that that's a pretty bad idea (tm) even with a stealth jet. The opfor guys (can't remember who it was atm) for figuring out that even if you can't see it on radar and needn't bother firing IR seekers at it, you can still take it down with an unguided missile if you aim properly. The readers get to guess on which side the oxymoron is.
I get all sorts of stuff, mostly boring drivel like photos of people's babies, and last week someone called Jan signed me up at Hillary Clinton's website... wonderful! Some mildly interesting stuff like "Thank you for your order of xxxx from zzzzzz" and yes, occasionally quite sensitive stuff too. An unencrypted, unpassworded Excel doc about some policy holders of an American health insurance company was probably the highlight :) At least the sender had the decency to apologise when I pointed out her snafu... Shame, I've never had anything marked Eyes Only, that would surely be a fun read...
Paris icon because even she can type an email address right (maybe).
what's the point of all this encryption when dullards are just sending it out to anyone that looks vaguely right.
And does Patriot Act stop this? Of course not and to think this is found by accident not some high level secret investigation. They are sending it out to anyone who looks familiar in addressing terms.
The weak point in any security is the user.
Flame? We're all going to hell in a handcart, that's why!
OK, so US military personnel are responsible for this poor guy having to shut down his website as they put him on a spam list. I'd encourage him to seek legal advice as there is a direct cause and effect relationship between these dickless yanks' behavio(u)r and the loss of a HUGELY profitable website plus a huge amount of time spent trying to bounce the dumbasses' mail and deal with the not quite so dumbass spammers (at least they make money from it:-).
Could be fun and several opportunities would present themselves:-
-Court discovery, publishing all the e-mails with great potential for love affair junk. Hey it's the land of Bill and Miss Screwinsky and NASA diapers (nappies).
-Bribery possibilities in relation to above.
-Crazy justifications, that launching spam at the UK aids in the U.S.'s war against terror as Osama can't resist joining in.
Anyhoo AC doesn't mean Anonymous Coward anymore we need some opportunistic lawyers round here.
-Which leads on to :-
@AC's comment-'Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used?'
I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get.
In closing the Go just to negate the AC's Stop and Doofus, doofus, doofus, sorry they were tearing at my fingers:-)
and hey I'm Stu so kiss my rounded posterior...come on, pucker up a bit :-P
"I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get."
I hope you're not a mailserver admin, because you obviously don't know the difference between From: and To:
If it was me after all that, I would have bodged a perl script to send all emails coming from the IP ranges in military emails (with very wide subnet to make sure and some other sanity rules) to a conspiracy black helicopter usenet group and forward the replies from people reading that group back to the senders. Eventually creating a conspiracy military loop where everything is true.
Some spam would come through but by that point it would be thought of as a stenography test to work out why a cat falling off a shelf is being posted after AirForce One flight paths.
"...to videos up to 15mb in size..." That shews the sophistication of the USA security forces: when you can compress an entire video into 15 millibits (say 1/67th of a bit) then you can claim to have done something really useful. This is presumably a new sort of video encoding that hasn't been made public yet---still a military secret. It'll make my video iPod look enormous when it is finally released.
"Surely he should have alerted MI5/6 instead?" .... By Anonymous Coward Posted Monday 3rd March 2008 23:23 GMT
One assumes that they were mentoring the situation, AC. If not, then they would be practically useless and unworthy of the Intelligence moniker...... which is always a possibility, no matter how unpalatable that may be, for there are precious few signs [some would say, no signs] that British Intelligence is Leading anything.
And although that could be desirable, because there is no Progress through Intelligence on the Ground, it is not present ...... just in case so smart ass says that they are Working and Leading ...but it is SuperStealthy and therefore unlikely to be widely known.
I have yet to figure out who the emails from the NHS hitting one of my domains are actually directed to
i considered selling the information they have sent, but i figure the NHS would just undercut me by losing a CD of data for a lower price
i wish i was kidding, but one of my unused domains from a failed project does get the occasional email from NHS senders, presumably to a company they work with by the corporate sounding domain but i can't find anything even similar that it could be destined to... just waiting until they send me some highly confidential medical records or something to forward to el reg...
makes you think just how widespread incompetence is, multiply how often it happens, with the number of different government departments sending confidential information, then figure out if you want to hand over your details to an ID card project run by these people - who i presume will be using the same top of the range security practices they currently use, emailing your details to "somewhere that might be the central server"
with Freedom Fighter George Tree or Scrub, some name like that.
Maybe he was sending the messages, and they hadn't explained about how that internet thing worked.
As the internet was invented by a Democrat, Mr. A. Gore, maybe it was left unsafe just to trap the simple Republican President.
Paris because she would get on well with him
Peace and Joy
Just want to say I am surprised.
Why haven't they sued him for Cyber squatting yet??
Seriously, If this happened to me, and I had told them what was happening and they did not sort it out; I'd start selling the less critical but still interesting stuff to the rags; err newspapers. Never can have enough money, just ask Bill.
One last thought, anyone visited Whitehouse.org I wonder what THEY find in their "In Box" ??
Owner is a friend of a friend, was amazed at the sort of information the yanks will share with everyone and not check that it is going to the right place
Seems the guy wanted genuine mail addressed to him and some friends @sitename but did not want the whole US base to use his website, especially when they would never receive it :)
http://web.archive.org/web/20070328175245/http://www.mildenhall.com/
To read the whole site would have taken a good hour, but the site only partly archived it
> I, for one, suck in any e-mail addressed to nonexistent addresses on my domain,
> no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true.
> You wouldn't believe the number of imaginary addresses spammers try, either.
Only problem that way is that as far as spammers are concerned the email was delivered correctly and possibly read ... as a result it's a "good" email address for them to retry/sell etc which will do nothing to reduce the spam you have to process.
I have mine to send a standard "non-existent address" bounce to any email to my domain to a non-recognized username.
I had a Business grade ADSL line from BT provided by a company I worked for and along with it came a BT email address. Having more than enough accounts already I simply set an autoforward to my Yahoo junk account in case anything of interest came through.
A certain Airline (in the Americas) seem to use BT email addresses for all their business and someone in their PR has the same name as me and I got some wonderful emails through about new route planning and promos for journalists but unfortunately even though I patiently sent each one back to sender and on to the airline main address, I never got compensated. Would it have hurt them so much to reward me with a freebie flight?
> I have mine to send a standard "non-existent address" bounce to any
> email to my domain to a non-recognized username.
But the address that you're sending this bounce back to is almost certainly forged by the spammer, so your messages just fill up some other victim's mailbox. It's called "backscatter spam".
Best practice is to refuse to accept mis-addressed messages, rather than to bounce them.
Shortly after I left Symbian in 99, to start up as an independent designer, I registered "symbain.com", after I mistyped an email and it bounced back.
I hasten to add this is all above board, as I use it to show people - the people who make this very typing mistake - that without user-centred design their security technology doesn't work: a little user-centred design and you just accept that on occasion we'll find ourselves unable or unwilling to encrypt everything, and on occasion we'll make addressing errors too. So email software ought to watch out for addressing errors - they're generally trivial to catch.
Anyway: emails still come in to "symbain.com" every day, and the commonest are from you techies, debating bugs and specs between Symbian and partner companies.
To me, though, it's just inevitable human nature, and it's the designers of the email programs who are at fault for such emails getting through.
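Added example, not part of any comment in this thread: one way mail software could catch the addressing errors discussed here before a message leaves (an unqualified name, the right name under the wrong suffix, or transposed letters). The trusted-domain list is an assumption built from names mentioned in the thread, and the sample recipients are constructed.

```python
# Outbound recipient check: flag addresses whose domain is a near miss of a
# domain the sender's organisation actually uses.

# Assumed allow-list (illustrative; ".af.mil" is taken from a commenter's
# "something like .af.mil", "symbian.com" from the symbain.com anecdote).
TRUSTED_DOMAINS = {"mildenhall.af.mil", "symbian.com"}


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1
    (optimal string alignment variant of Damerau-Levenshtein)."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1,          # deletion
                      cur[j - 1] + 1,       # insertion
                      prev[j - 1] + cost)   # substitution
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_recipient(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, suggested_domain) for one recipient address.

    Verdicts: ok, unqualified, wrong-suffix, typo, external, invalid.
    """
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("ok", domain)

    # Same organisation label, different (or missing) suffix:
    # mildenhall vs mildenhall.com vs mildenhall.af.mil.
    name = domain.split(".")[0]
    for candidate in sorted(trusted):
        if candidate.split(".")[0] == name:
            verdict = "wrong-suffix" if "." in domain else "unqualified"
            return (verdict, candidate)

    # Small edit distance to a trusted domain: symbain.com vs symbian.com.
    best = min(sorted(trusted), key=lambda t: osa_distance(domain, t))
    if osa_distance(domain, best) <= max_distance:
        return ("typo", best)
    return ("external", None)


def review_outbound(recipients):
    """Return the recipients a mail client should hold for confirmation."""
    held = []
    for address in recipients:
        verdict, suggestion = check_recipient(address)
        if verdict in ("unqualified", "wrong-suffix", "typo", "invalid"):
            held.append((address, verdict, suggestion))
    return held


# Constructed sample recipient list.
SAMPLE_RECIPIENTS = [
    "ops@mildenhall.af.mil",
    "ops@mildenhall.com",
    "ops@mildenhall",
    "dev@symbain.com",
    "friend@example.org",
]

if __name__ == "__main__":
    for address, verdict, suggestion in review_outbound(SAMPLE_RECIPIENTS):
        print(f"HOLD {address}: {verdict}, did you mean @{suggestion}?")
```

Unrelated external domains pass through as "external"; only near misses of a trusted domain are held, which keeps the prompt rare enough that users read it.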
I'm a bit ambivalent about what he did (flying saucers indeed! Pah, doesn't he know by now that the Greys all teleport direct from the 8th dimension?), but it might knock a hole in the rather superior attitude of the prosecution claiming all that $ damage when he points out they just send the stuff around willy-nilly.
If he does end up taking an unwanted holiday (for him, let's remember that many people literally die trying to get there as it's better than home) in the US, it would be quite a laugh if a US jury found him not guilty and sent a strong message to the mil/gov IT staff that they really should up their game. After all it's (hopefully) our security that they are looking after.
No black helicopters here please. The landing pad is full already....
AC wrote:
"I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either."
Are they spam to imaginary addresses at your domain or are they bounces which used imaginary addresses from your domain in the From: field? I had lots of trouble with the latter because:
A spambot opened an smtp connection to my domain, sent a "RCPT TO:" for a random address, got a "250 OK" back and then broke the connection.
It then knew that all addresses at the domain are valid and wouldn't raise any flags with anti-spam.
Spambot then sent out thousands of spam emails using fake names at my domain, most of which bounced and ended up in my inbox.
If you're eating all your mis-directed mail then spammers may use your domain name to send spam. I doubt it will cause you any problems but I was worried about ending up on spam blacklists.
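Added example, not part of any comment in this thread: a toy SMTP receiver that contrasts the three ways of handling unknown recipients argued over above (accept and discard, accept then bounce, refuse at RCPT TO). The mailbox list, addresses and policy names are constructed, and DATA is simplified to a single step with no message body.

```python
# Toy model of SMTP recipient handling under three policies.

VALID_MAILBOXES = {"info@example.test", "gary@example.test"}  # constructed
POLICIES = ("discard", "bounce", "reject")


def run_session(commands, policy, valid=VALID_MAILBOXES):
    """Feed client commands to the toy server.

    Returns (replies, bounces, stored):
      replies - server reply for each command
      bounces - envelope senders that would later receive a bounce from us
      stored  - recipients whose mail was actually delivered to a mailbox
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    replies, bounces, stored = [], [], []
    sender, rcpts = None, []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            # The envelope sender is whatever the client claims; it is
            # not verified, which is why bounces can hit a third party.
            sender, rcpts = arg.strip(" <>"), []
            replies.append("250 OK")
        elif verb == "RCPT TO":
            rcpt = arg.strip(" <>").lower()
            if rcpt in valid or policy in ("discard", "bounce"):
                rcpts.append(rcpt)
                replies.append("250 OK")
            else:
                # Refusal happens inside the SMTP dialogue, so this
                # server never takes responsibility for the message.
                replies.append("550 5.1.1 User unknown")
        elif verb == "DATA":
            if not rcpts:
                replies.append("554 No valid recipients")
                continue
            replies.append("250 Queued")
            for rcpt in rcpts:
                if rcpt in valid:
                    stored.append(rcpt)
                elif policy == "bounce":
                    bounces.append(sender)  # backscatter if sender is forged
                # policy == "discard": dropped with no signal to anyone
        elif verb == "QUIT":
            replies.append("221 Bye")
            break
        else:
            replies.append("500 Command not recognised")
    return replies, bounces, stored


def acknowledges_unknown_recipients(policy):
    """Self-check: does the server answer 250 to a mailbox that does not
    exist? If so, every address at the domain looks valid from outside."""
    probe = ["MAIL FROM:<postmaster@example.test>",
             "RCPT TO:<no-such-user-7f3a@example.test>",
             "QUIT"]
    replies, _, _ = run_session(probe, policy)
    return replies[1].startswith("250")


# Constructed session: forged envelope sender, nonexistent recipient.
FORGED_SESSION = [
    "MAIL FROM:<victim@third-party.test>",
    "RCPT TO:<flightplans@example.test>",
    "DATA",
    "QUIT",
]

if __name__ == "__main__":
    for policy in POLICIES:
        replies, bounces, stored = run_session(FORGED_SESSION, policy)
        print(policy, replies, "bounces ->", bounces,
              "catch-all visible:", acknowledges_unknown_recipients(policy))
```

Only the "reject" policy both avoids mailing the forged sender and stops answering 250 for addresses that do not exist.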
This is on the same scale of incompetence that allowed 'hacker' Gary Mckinnon to gain access to US military systems. I used the term 'hacker' in inverted commas because what he actually did was log into systems with either default or blank (that's right - blank) passwords.
Technically, the owner of mildenhall.com is now in possession of information not intended for his consumption, I wonder if these emails carried the usual disclaimers telling the unintended recipient to discard the email if received?
Nah, don't be stupid ;-)
ET is involved here somewhere, or so Mr Mckinnon would have us believe.
@Anonymous Coward
"Why didn't the guy just configure the site's mail server to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."
You must be American, judging by your limited imagination and ‘whenever we make a mistake, it’s really because someone asked for it’ attitude.
I have the same setup as this guy: I have a mail server setup that allows me to receive every mail sent to @mydomain.dom
Why? Because, when I register at a website, I can use a different e-mail address for each website (without the need for actually setting up a new e-mail address on my mail server).
Thus, on The Reg, I use the e-mail addy; www.theregister.co.uk@mydomain.dom, on Digg I use www.digg.com@mydomain.dom and so on.
If someone sells my e-mail address to a Spammer, I can block that address on the server, and I can see who didn't live up to their "we will never sell your address..." OR has a security leak. And report it.
Sure, I get a little spam sent to random e-mail addresses @mydomain.dom, but less than you might expect (thanks in part to my spam filter), especially compared to email-addresses I've used on sites using the method mentioned above.
Works great. And it’s my domain, so I can do whatever I damn well please with it.
And no, it doesn't mean, I *want* your military secrets.
OK, this is a standard case of PEBKAC. The sort of thing I get all the time at work. In fact, so often that my users actually know what PEBKAC means.
1) The users in question obviously had no brains if they can't even remember an email address.
2) The admins were idiots as, as soon as this started to happen, they could easily have blocked the domain and bounced the emails informing the sender of the correct domain to use.
3) The guy in question INFORMED them of their mistake. He is certainly not the only person to use a catch-all address. I know I do with my personal domain. I have my regular email addresses, several auto-responder and/or automatically processed addresses, plus a catch all just in case someone misspells my name. I trawl that once a week or so, just in case.
4) The flight plan of air force 1 was sent in a cleartext external email?!?! Do these guys know nothing.... oh, shit, forgot they are Yanks :P
Before we all get carried away with the 'stupid septics' line - not many years ago I ran telecoms for a large business located near RAF Strike Command. We had a range of phone numbers, some of which were not dissimilar to those used by the RAF. Did we use to receive calls saying: "can I speak to Lt xxx?" - yes we did. But my personal fax number was just a transposed digit away from a fax machine at the RAF. More than once I received a fax detailing flight plans for military operations. I would reply with a polite message indicating that they might well have sent this info to the wrong recipient.
Regarding the current furore, I believe that it's not possible to send emails from within a 'Classified' system to a non-classified email address (Chapter 1 of Security for Dummies). This would lead to the surprising conclusion that the flight plans of Air Force 1 are not considered secret. But since the Washington press corps are usually briefed on such travel plans in advance, maybe they're not classified after all.
"it would be quite a laugh if a US jury found him not guilty and sent a strong message to the mil/gov IT staff that they really should up their game. After all its (hopefully) our security that they are looking after."
AC, why wait whenever IT is so bad ...... Mil/Gov IT, up your game and change your game would assist you. The world and his dog have moved on from Sticks and Stones and uniformed dysfunctional men planning Wars in Dumb Assed Games.
info@gchq.com .... "Korea owns GCHQ.com... Oh dear, Oh very fucking dear...Chances are the REAL GCHQ haven't noticed" ... By Karl Lattimer
Posted Tuesday 4th March 2008 10:14 GMT
Nothing to worry about, Karl? That would be Seoul Korea and not Pyongyang Korea so presumably the REAL GCHQ would know more than enough or would like to give the impression that they know more than enough. An easy enough trick perpetrated by Silence lest their Response is Meticulously MetaData Analysed making them effectively Prisoners in their Own Minds and not Fit for Any Constructive Purpose.
Why not just publish all the information that he got on that website.
It isn't like the Americans could possibly complain that putting the lives of their military and rulers at risk is irresponsible and therefore shouldn't be done.
After all it was those idiots who gave the precedent.
"Sec. 3. Establishment of the President's Intelligence
Advisory Board. (a) There is hereby established, within
the Executive Office of the President and exclusively
to advise and assist the President as set forth in this
order, the President's Intelligence Advisory Board
(PIAB).
(b) The PIAB shall consist of not more than 16 members
appointed by the President from among individuals who
are not employed by the Federal Government.
(c) The President shall designate a Chair from among
the members of the PIAB, who shall convene and preside
at meetings of the PIAB, determine its agenda, and
direct its work.
(d) Members of the PIAB and the Intelligence Oversight
Board (IOB) established in section 5 of this order:
(i) shall serve without any compensation for their work
on the PIAB or the IOB; and .... " ...... By Presidential Executive Order ... http://cryptome.org/eo13462.htm
Should somebody tell George ...... Pay Peanuts, Get Monkeys?
Seems the admin at mildenhall.com could have helped himself with a more friendly and informative email. His message "xxx@domain.com is using an incorrect email address you must have supplied yourself. Get it fixed NOW!" is a bit terse.
If he had pointed out the likely correct domain, offered instructions on how to go about correcting their error and pointed out that the incorrectly addressed email was never going to reach the intended address he may have increased his quality time.
Still no excuse for the barrage of abuse he got - more here http://web.archive.org/web/20070328175245/http://www.mildenhall.com/
"As the internet was invented by a Democrat, Mr. A. Gore, maybe it was left unsafe just to trap the simple Republican President."
No, he didn't say that despite what the "Communist News Network" told you.
What are your motives for perpetuating the lie?.'
I believe that it's called humour, dear heart........
Typical! Although they hijacked the internet the Yanks are never wrong(?) except when they are wrong. I have long outdated experience of working with them in the 1960s and it was exactly the same then within the Air Traffic Service in the military organisation. We had all sorts of problems with them sending, duplicating and overwhelming us with information which was of little or no use as by the time it arrived the information was outdated. Glad to see that the status quo has been maintained for the last 45 years.
Rather than:
A) Admit Error (VERY un-American. Only Commies make mistakes);
B) Fix the Problem (Did he say "Over a DECADE"?); or
C) Discipline the SHITS who sent his email to spammers for DOING THEM A FAVOR;
They'll probably offer him an orange jumpsuit, a dog collar and black hood.
A CIA flight will be landing at the airfield any minute...
Have a nice day!
A couple of years back I stumbled across a website called kno3.com, which seemed to sell a suspiciously large number of explosive precursors in suspiciously small quantities, as well as a number of other interestingly dangerous substances. DMSO can be used with a wide range of poisons for instance and I can't think of a legitimate use for 5 metre lengths of plastic igniter cord. (Fun -yes, legit - no. I had an excitingly unsupervised childhood!)
Look it up on the Wayback Machine
http://web.archive.org/web/20060104051430/http://www.kno3.com/
Anyway, I tried reporting this to several different law enforcement agencies over about 3 months, but the site stayed up for well over a year, leading me to believe that it was either a honey trap, or more likely another indicator of just how much bollocks is reported in the media about the terrorist threat. Ill informed speculation being much more fun than dull fact, it seemed that a dreamed up device like a dirty bomb was more threatening than conventional explosives being openly offered for sale.
Mine's the one without arm holes.
When I was working at XXX I got an invitation to a dinner event that included the PM. The invitation was for a more well known namesake and I informed the sender about it straight away, to which the sender said you sound a fine chap, you're welcome to attend if you like.
Well not as comparable given me drawing this to the sender's attention didn't result in spam in any way, but we are an ocean apart in many areas.
For the record I declined the kind offer as penguin suits weren't my style and I'm not a big social event type at all.
That said I did also a couple of years later just before y2k receive a rather interesting FAX from the USA, again for my namesake. Now that was sensitive then IMHO so I'll carry that to the grave. But it was personally brought to the attention of the recipient about the sender's error so I might have got spammed had I been more open about it I guess :).
But bottom line any form of automation or indeed automated form of aiding or assistance can only expedite human error.
Remember in the old days of IT you had DDE where two typists would type in YOUR CODE :), and any differences were flagged for a 3rd typist to action.
I don't see Double Data Entry being used much these days, even the banks don't. This meant computer problems pre 1984 were actually computer problems and post 1984 are most likely human error, go figure.
Call me an uninitiated fool... but surely even encryption would not have helped here?? If the mail was sent to dave.smith@mildenhall.com and Gary (bless him) bought a certificate in that name then he could exchange keys and read email sent to that address... if he wasn't the honest Injun he could make a FORTUNE selling said info and say nothing to anyone...
Just a thought.
"There's unsurprisingly already 70+ comments on this, all I'm going to add is that any prick who's sending confidential and/or classified information via EMAIL deserves to be court-martialled and banged up for a long time!" .... By David Cornes Posted Tuesday 4th March 2008 13:14 GMT
What would you do, David, re-enlist the Pigeon Post or Pidgin Posts?
It would have been insightful for the article to note that there is an RAF base at Mildenhall and also that the USAF has a presence there... I was initially confused after reading the article...
and yes... I'm a yank, but apparently not as widely versed in the locations of our military as Dan is...
Sending classified information ANYWHERE via e-mail, whether encrypted or not, is flat-out illegal. Sending it out-of-country also violates ITAR, for a separate jail term.
So, the really nasty (and effective) thing for the unfortunate Mildenhall bloke to do is to forward all such e-mail to the attention of the security officer at the Air Force base in question. If that hasn't caused a response within a week (and believe me, you'll KNOW when you get a responsible reply), then just add the Air Force Inspector General to the CC list. Stir and enjoy...
To some degree that's not the case, the assumption is some form of encryption such as pgp (bit shit for military) or a higher military-grade method would mean the file would need an actual key, and the knowledge of what encryption technique was being used. of course that's not to say our wonderfully smart friends across the ocean wouldn't send a follow-up email with these details, or if a simple email back would result in this info being happily provided by the technically retarded sender...
First of all, I can't see the military sending his site to spammers, (though there are some people that might, most of them would be grateful to know what is going on.) More than likely, this story hit the Internet waves and the spam bots picked it up.
As for stupid people in the military, I wish they would figure out how to find someone's address in the global directories or wherever they are looking. Being tech savvy, I was one of the first to get an army email address. There are over 20+ people in the army / DOD network with my same name. (Who would have thought?) The addresses use a standard naming convention, and with mine being the first, I am at the top of the list. Whenever anyone wants to email their buddy, John Doe, they automatically assume his address is mine. They don't even think of jd1 or jmd or asking what it is.
I've received school confirmations, travel requests, housing confirmations, NCO & Officer Evaluations (NCOER & OER) reports, battle plans, meant for everyone from CW4s, Colonels, DOD contractors and the like. One time I even received a condolence for someone in another unit dying. Sometimes I do a search on the Global Address book and forward it to the right person, CCing the original sender. Usually I just send a nice note back saying that I am not the person they are looking for. Usually I will get a thank you, and that is that.
The biggest problem is that most of our brass are not technically inclined. Oh well, hopefully that means they know what they are doing on the battlefield instead. One can only hope.
... and me thinking that was the whole idea behind NIPRNet and SIPRNet:
http://en.wikipedia.org/wiki/SIPRNET
to have all "sensitive" traffic go through the secure, encrypted, physically separated from the rest network. (the concept someone above pointed out as the "green" and "red" network.) And even *if* you have to send stuff over the not-so-secure network, there's a metric ton of crypto software/hardware in the military for that.
Stuff like this makes me think that if the internet had existed back in WW2, GCHQ would have been out of a job, as anyone setting up a *@luftwaffe.com or *@kriegsmarine.com addy would have got more info than anyone else...
Hey Mr AC, sir, this may be the first/last/blocked by moderator apology ever posted, delete as applicable, well that I've seen anyway. My we are a feisty bunch, and I plead guilty that my 1st post, although in moderate good humo(u)r, was a bit of an unwarranted dig especially as most people had already sunk your mailserver configuration idea. Plus in my defence you never mentioned To: or From: in your original post; although I do concede that "for" could be stretched into an inference. I do apologize; I had my don't open mail from people you don't know, antivirus, head stuck on but even a mistake in the To: field could be valid as hefen fourbid:-) mispellinks haf bin noen to happen. Yes I know, I know, it's possible but I'd hate to create a custom filter to handle every possible/plausible/omitted/adjacent character misspelling of any name.
So, yes I'm a doofus, doofus, doofus. Anyways you should go check out the archive (address is in someone's post above) as some of the belligerent yank replies, to being kindly informed that they're stupid for mailing to the wrong address, has entailed some of the most disgusting, island bashing, racist rhetoric possible. Such that, I now think us registeronians engage in the most genteel, polite, back-slapping discourse possible. 'Now would someone kindly pass the tea and one of those petite crumpets, please'
Kindest Regards to all Stu
Having worked for companies that are involved in defence and hence using networks that had restricted data on them, I have to wonder how they were able to send classified information via unclassified email. I'm not sure what the actual policy is for the US, but for the UK you *can* send UNCLASSIFIED email from a RESTRICTED network (but no higher) providing that you acknowledge that it is UNCLASSIFIED and then it would have to pass through a filter looking for various keywords, which if they were found would flag the email for manual inspection. If it was something innocent the email would be sent, otherwise it would be rejected and you would get a slapped wrist, the severity of the breach would dictate the size of the slap. You could try and circumvent the filter if you really wanted to, but obviously that would be a bigger slap, possibly dismissal. Anyway, I would expect the US to have a similar system.
So what is going on here? The options that I can see are:
1) None of the email information is actually CLASSIFIED or higher and there is no security issue, but still the issue of sending sensitive info to the wrong email address
2) There is something wrong with the network setup if it allows users to send CLASSIFIED information via UNCLASSIFIED email, which sounds like a network admin issue.
3) The users are sneakernetting the information from a CLASSIFIED network to an UNCLASSIFIED network to circumvent network security.
Frankly none of the options make the US military look good.
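The release process described in the comment above (the sender acknowledges the message is UNCLASSIFIED, a keyword filter runs, and any hit goes to manual inspection), sketched as an added example that is not part of the original comment and not any real gateway's code. The keyword list, the rule that the acknowledgement is the word UNCLASSIFIED leading the Subject line, the function names and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed keyword list; a real gateway's list is set by local policy.
KEYWORDS = ["restricted", "secret", "flight path", "itinerary"]
KEYWORD_RE = re.compile(
    r"\b(" + "|".join(re.escape(k) for k in KEYWORDS) + r")\b", re.IGNORECASE)
# Assumption: the acknowledgement is "UNCLASSIFIED" leading the Subject line.
ACK_RE = re.compile(r"^\s*UNCLASSIFIED\b")


def body_text(msg):
    """Decoded text/plain parts, so base64 or quoted-printable bodies are scanned too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def release_decision(raw_message):
    """Return (decision, reasons); decision is 'send', 'hold' or 'reject'."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    if not ACK_RE.match(subject):
        return "reject", ["no UNCLASSIFIED acknowledgement"]
    # Drop the marking itself, then scan the rest of the subject and the body.
    text = ACK_RE.sub("", subject, count=1) + "\n" + body_text(msg)
    hits = sorted({m.group(1).lower() for m in KEYWORD_RE.finditer(text)})
    if hits:
        return "hold", hits  # queued for manual inspection
    return "send", []


HEADERS = "From: sender@example.mil\nTo: someone@example.com\n"
# Constructed sample messages.
SAMPLES = {
    "menu": HEADERS + "Subject: UNCLASSIFIED - canteen menu\n\nThe secretary says lunch is at noon.\n",
    "visit": HEADERS + "Subject: UNCLASSIFIED - visit\n\nAttached is the flight path for Tuesday.\n",
    "unmarked": HEADERS + "Subject: visit\n\nSee you Tuesday.\n",
    "encoded": HEADERS + "Subject: UNCLASSIFIED - note\nContent-Transfer-Encoding: base64\n\n"
               "VGhlIGl0aW5lcmFyeSBpcyBhdHRhY2hlZC4=\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, release_decision(raw))
```

A filter of this kind only inspects content; it does nothing about a correctly marked, keyword-free message addressed to the wrong domain, which is the failure the article is about.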
www.kno3.com details the extradition of the legal owners of the company running a legal registered specialist chemical company to the USA on terrorism charges, makes for interesting reading.
The mildenhall site I did read a while back, might even have saved what was on the site to disk, but nothing fancy and nothing bad, just a bunch of yanks posing with some rather specialist kit...
"As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President."
No, he didn't say that despite what the "Communist News Network" told you.
What are your motives for perpetuating the lie?.'
What lie?
Who the hell said this then?
http://www.hotchicksdrooling.com/algore_internet_inventor.mp3
Maybe YOU should stop apologizing for a puppet.
That shows how much the US military actually fear terrorism. Good enough to force privacy invasion, war and huge military bills upon citizens (and other countries), but not something to be actually afraid of...
But Under Black Leaves shines the Uncomparable Bright Light and Ultimate Bearers of Lances who are Used to Batter Lamerica and will hopefully get us rid of Greasy Weasels and Badgers by a flight on The Winged Avenger, and all that Commonly Insane Argument, Not Safe Altogether crap.
Now I hesitate. Black copters or amanfromMars icon?
I'll go for the head of (military?) suckage instead (bad puns intended).
I had the same disaster with the address wdr.org that had been given up by Swiss bank Warburg Dillon Read (now UBS) in the 90s when they got wdr.com, which had been given up by Westdeutscher Rundfunk Köln (German TV).
Every day I got hundreds of porn newsletters, baby pictures, copied computer games ("as this will be illegal soon, I'll send you all my expensive software now!"), movies - and secret stuff of the U.S. police in Chicago about how to get around the people trying to disturb the G7 meeting. The most funny one was a mail of a young guy in India asking his mother to clean up his room as his GF was coming over the next day - and then next day complaining that mom had not done what he had asked for!
At the beginning I told people they were wrong, and the reaction was like it is described here: Ignorance, aggression, and things like "you are a criminal, you are a hacker, I will complain at the IT boss" - and five minutes later an email to postmaster@wdr.org asking to fire this individual that is reading the emails...
The problem was, I only had webspace, it was not my server. That was already expensive enough in those days. So I could not do anything about the mail setup. That hoster was not able to send back mail to non existing addresses. Which made things worse when someone started spamming with faked addresses.
And I only had a modem - that was long before DSL.
So those 20 MB each and every day were really annoying!
Could not get worse? It did. In 2000 Westdeutscher Rundfunk Köln decided they wanted those domains back. So they sued the bank and me over a sum of 500.000.- . Even the bank gave up.
When I told them my whole email was running over those accounts and I did not want my private stuff on TV, they should at least give me 14 days, they said "to prove that we are not in bed with you we need to have your email!" and sent a cease-and-desist letter to hand over everything within 51 hours. Then they lied to Network Solutions and Deutsche Telekom, said they had bought the domain, to steal it before I could download my mail (I was in the middle of moving from one end of Germany to the other in those days).
Later conversation went even further down the belt, when they said, it is my private problem if I use email for private or even intimate topics, as it is a broadcast medium (yes, you have to pay a TV fee for email in Germany by now!).
As a journalist people have to be able to send me information without it being stolen, but I cannot afford it, still paying the debts they caused me in 2000.
So yes, there are people that are too stupid to realize they are sending mails to the wrong person. But there are also people that want to steal email on intention. And the German authorities appreciate this. The Cologne authorities (Staatsanwalt) made a decision, that hijacking and deleting other people's email is legal, as email is not a real thing like a letter on paper. Great! So phishing is legal too, as nobody robs real paper money, eh?
Some people here are quite upset about the activities of state official Wolfgang Schäuble, trying to put trojans on your PC to supervise you. But I don't worry about the police invading my privacy, when public TV already insists on the right to steal my email and broadcast them on TV or put them online to harass me and my family.
See http://www.dl2mcd.de/domaine.html
Some years ago someone said to me, people need 20 years to understand how the internet works. By now I think they will never do so.
"So, the really nasty (and effective) thing for the unfortunate Mildenhall bloke to do is to forward all such e-mail to the attention of the security officer at the Air Force base in question. If that hasn't caused a response within a week (and believe me, you'll KNOW when you get a responsible reply), then just add the Air Force Inspector General to the CC list. Stir and enjoy..." ... By Anonymous Coward Posted Tuesday 4th March 2008 17:33 GMT
I wish you luck in finding their e-mail addresses, AC. :-) They aint really interested in listening so it is normal for them to hide themselves away in the shadows to be able to plead Ignorance rather than be seen as Arrogant whenever the Audits on Performance start Probing.
Eventually one starts to Realise that their Control of the Situation is a Myth and they are Vulnerable to Exploitation, which is Best Beta Circumvented by Considering any of their Prospective Input Probably best Classified as Irrelevant and Self-Serving anyway, and just re-invent the Service they should be providing elsewhere under Beta Controls.
*..... For Real High Flyers ....... ARGonauts. ...... into Fleet AIR&dD Arms Patrolling ITs ControlLed Spaces.
He should have sent replies to those emails he received saying something like:
---
Sorry guys, we've had to change the schedule for POTUS. It's now lap dance club @ 10.30, presidential debate @ 12.15, pre school English lesson @ 12:20 to 18:30. Let's hope he learns something this time ay. Ooh-rah.
Regards
Mr I. Diot
Head of Top Secret US Operations
> From: idiot@usa-top-secret-government-agency.cia
> To: possible-t3rrorist-who-knows@mildenhall.com
> CC: "Big List of Friends and Family"
> Subject: Bush's Schedule
>
> Bush's schedule for the day is as follows:
> ... <snip>