US nuclear weapon bunker security secrets spill from online flashcards since 2013 Details of some US nuclear missile bunkers in Europe, which contain live warheads, along with secret codewords used by guards to signal that they’re being threatened by enemies, were exposed for nearly a decade through online flashcards used for education, but which were left publicly available. The astonishing security …
The memories of SiteGuard in BAOR during th 1980's. A week of being very tired, and very bored.
And astounded as the average US serviceman's inept weapon handling, as characterised by the individual who followed the QRF out with a 66mm AT to the first response position; a narrow sanbagged area just wide enough to squeeze down whilst in CEFO, with a wall behind it....
I'm generally unimpressed by US people compared to UK ones. I once sat in a meeting which turned into the sort of "eyes only" I was not cleared for but the US chaps present would have just waffled on if I had not stopped them and then removed myself.
Here's a tip on handling secrets: the fewer you know, the fewer you can leak, even by accident, and the fewer you can be accused of divulging. This is why it's always a good idea to try to brief people from public sources, a trick I picked up from a now retired Colonel.
This becomes double important if you have to brief politicians because they're like colanders when it comes to secrecy - if it suits them politically they'll be on the phone to their buddies in the press before you have even left the room, so by sticking to public data you avoid both disclosure and accusations.
Handling secrets isn't that hard. Keeping them is harder.
If, hypothetically, I had a clearance, one of the most valuable things I would have learned from a colleague (if I had one, obviously) was to avoid curiosity. Yes, I hypothetically may have gone interesting alleged places and spent, conceptually, some time in rumored facilities that one might infer existed, but the amount of sensitive information the alleged author might have hypothetically ingested is minimal, if it existed at all, which it might not.
My favorite situation (hypothetically speaking, etc) is where those "read in" to a site can say less about it than the local officials, because of shared facilities and "channels".
We've all been in those situations where the "shape of the hole" in the information publicly available is obvious and there have been leaks in the media (of objectives and codewords) so you're able to have an almost productive information while your 'read-in' colleague can't say anything at all or even nod at the right points.
"so hypothetically, if someone needed to do X, how would you personally approach the problem?"
"if this was going to happen, would you know who's likely to be involved with it and, if so, let them know about a possible conflict with project Y"
When mattryoshka is your policy, you suspect others of being of the same mind. I've seen on other sites that the Soviet shuttle version, Buran, was created because Senior Soviet military could not believe that the Yankee statements of purpose about Space Shuttle. The Son Tay POW camp raid was leaked the Buz Sawyer graphic strip probably to test the water before the official announcement. Before Operation Eagle Claw I watched aircraft where the official pronouncement of no such aircraft existed practice low level cargo extractions. These fell outside of the official clearance path but without any documentation any 'talk' is just fodder for social media.
MORAL: Don't get involved with the clearance process and watch what disappears from view or gets obfuscated and from build your picture with clear conscious. But forget not Matryoshka.
The "shape of the hole" is an interesting concept. I moved to France in 1991, and watching both British and French news about the latest goings on in Iraq, and was interesting to see that the different state media organisations had very different takes on the on-goings, and things reported in one country were totally avoided by the other and vice versa.
Bellingcat link: https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/
Those young men (and some women) enjoy social media more than most.
Bellingcat has taken good advantage of the carelessness of military and intelligence personnel as well as using openly available databases of private information.
No. What they are investigating is who the hell thought it was a good idea to post military operational secrets online and why the frak did they not tell Google's robots to not index that.
And that all boils down to : guys, it was last millenium. In this millenium, you still have soldiers who wear their FitBits in combat zones. Nobody understands the security risk of the Internet, but everybody can contribute.
Is this supposed to be a surprise ?
I think it'll take another hundred years before the military nails down the proper procedures.
Either that, or 100,000 losses. It's a toss either way.
I suspect the people posting it didn't know it was going online. I have noticed the young people today use their phone as a post-it note to grab logins, errors, logs etc. I'm guessing a bunch of these get synced online.
> Nobody understands the security risk of the Internet
If they don't even understand Internet's potential risk to their very own security, why would they care for stuff which doesn't even belong to them...
It's the same "what could happen"/"nobody cares anyway" which excuses posting their most intimate details online for everybody to see, for all times. Convenience beats all other considerations, especially since in this case they don't really care for the stuff they are supposed to guard, they just go vaguely through the motions.
"No. What they are investigating is who the hell thought it was a good idea to post military operational secrets online and why the frak did they not tell Google's robots to not index that."
There are sites out there full of questions and answers to specific online training courses. People do the training and take the exams and upload the details, screen-shots etc. Sometimes it's easy as typing the course name into Google and you can find all the answers to the exam you about to take. Or so a friend tells me.
They will issue a new, enhanced, and at least an order of magnitude more expensive contract to one of their tried and true contractors to implement a flash card training system which can handle Sensitive Compartmented Information. They will shove it into the Black Budget with no oversight. We won't know anything about it until its data is left exposed to the public. And it will be.
It will end up being the exact same vendor again.
1 They are already a trusted vendor, so it will be easier to hire them again rather than get a new vendor vetted and added to the trusted vendor list (much less paper work).
2 They are the people who are most familiar with the systems and the problem, which mean that getting up to speed will be fast and fully understanding the systems will be negligible compared to bringing a new vendor up to the same level of knowledge. And they are already familiar with all the internal billing and reporting systems.
3 Problems just like this (<insert problem name here>), were already included in the initial budget request for the overall project, if they changed vendors that would initiate an investigation, red flags would be raised and a whole new budget submission would be required. And no one wants that level of paperwork.
So it will be the people who caused the problem who will typically be tasked with fixing the problem. In reality there is very little incentive not to screw up, screwing up gets extra money for a vendor.
Think of it this way: if you’re uploading sensitive data to a website that isn’t operated by or contracted to your company (or the government in this case), you probably shouldn’t do it. Particularly if you're guarding nuclear weapons. ....... Gareth Corfield
Do governments operate websites and have proprietary intellectual property ownership of that which they host, or are they just remote proxy agents for the produce of others, which they may have made mutually beneficial positively rewarding arrangements to pay source for, in order to try and ensure continuity of great service, or do they more often try to virtually steal it and pirate it and profit from it themselves with the use and/or misuse and/or abuse of transformative information they have been provided with either directly from a source in any initial communication from such an agent, exploring exploitation of their needs for future seeds and feeds ..... or indirectly from information gleaned from source via communicative postings elsewhere to A.N.Others?
To practice such latter shenanigans with particular regard to any NEUKlearer HyperRadioProACTive IT Class of Weaponry is an extremely costly mistake to make and expensive chance to take and lose, rather than win win in with sensible sensitive secure stealthy engagement and simple worthy payment to sources for services required and to be immediately readily supplied and fighting fit for future great and good purpose. You know, the exact sort of thing which the Ministry of Defence Digital Strategy for Defence [April 2021] are looking for, and presumably assuming there will be £billions made available to them to deliver.
There's one near Kelvedon too, with accommodation for 600 peeps. The "Prime Minister's Bedroom" room on one of the lower levels has a lifesize model of John Major propped up in the bed with a big grin. Couldn't see if Edwina was down there.
The bunker's sewage plant could store considerable amounts in huge tanks, according to the signage. When full, compressed air would be used to eject the contents of the tanks upwards and outside via vents. I'd imagine that if you were one of the pissed-off proles trying to batter your way inside to safety, you'd have been even more enraged when the megaspats started to rain down.
"If you drive around near Nantwich in the UK you'll find several brown tourist signs giving directions to the "Secret Nuclear Bunker". Always makes me laugh."
That's the one at Hack Green, which is open to the public too.
And, to be fair, it is a decommissioned bunker and one that is very entertaining to visit, as there's quite a lot of old tech in there too...I've been there a couple of times and it's always interesting :-)
There's another similarly signposted "secret nuclear bunker" near Kelvedon Hatch in Essex:
https://secretnuclearbunker.com/
I made 2 posts about the bunker near Nantwich, but both are awaiting approval from the mods...been 22 hours now !
I assume they are waiting as both contain the word "H A C K" as in H A C K Green which is where the bunker is ! (And this being a techy website so the above word might be on a "watch list" of unacceptable words...).
Or maybe I'm just being observed by B I G B R O T H E R and his holding company ;-)
I'll pop into MY bunker and keep my head down for now, just in case ;-)
We did some work on our backend systems over the weekend, including article comments, and there were a few gremlins, which our tech team has fixed now.
This meant some of you submitted a comment at the weekend and are only seeing it now. We’re sorry for the inconvenience.
(The truth is: we heard the sound of a helicopter, and then a ceiling tile moved, and a shadowy figure silently rappelled down from the ceiling into Vulture HQ. They took our editor and stole our biscuits, and then I posted this as a response to Timbo's commennnn... NOOOOOOOOO! YOU'LL NEVER TAKE ME!)
This post has been deleted by its author
Chegg " the leading student-first connected learning platform"
With contractual liability limited to the greater of 6 months' subscription fees or $250, a specific disclaimer of warranty in respect of security and posting " information that poses or creates a privacy or security risk to any person;" listed as prohibited content.
If it's a convenient online service, nobody, including apparently those responsible for our nuclear defense, ever reads the darned contract.
"Responsible" is doing a lot of heavy lifting in that last para!
The flashcards are quite obviously from "kids" (people less than, say, 25) who are trying to complete their required training courses. They are, of course, in some way "responsible" for the security of the weapons (in that they're likely to be the ones holding the gun pointed at an intruder), but what this really shows is a management failure....
Nuclear weapons bunkers have been strewn across North America ever since the cold war 60s, specifically an Air Force Base tells the locals the base hosts only jet 'fighters', when those fighters were really fighter bombers designed to carry tactical nuclear weapons and each base had a series of "ammunition" bunkers that held the nukes.
I recall an anecdote, told by a colleague who had just transferred from a UK military project about doing an online search to see if anyone had a reference architecture for the kind of thing they were doing and being surprised to see their own (most secret) documents show up. It turns out the programme manager had bought a new NAS drive for home which (this would have been about 2005) had the then new feature of backing up to cloud AND indexing for search engines. Everything presented to the client was now available through Google.
Hmm, so first up, I've not actually read the Bellingcat article and appreciate the answer might be in there. But has anyone checked the information leaked and confirmed it's accuracy?
It might be some deliberate misinformation designed to reveal an intruder. The alleged "stress words" might actually be words chosen to identify an intruder.
Or, it might genuinely be an operational SNAFU, which is the simplest answer?
This post has been deleted by its author
UK Trident submarines can berth at a few ports, plus a dozen or so offshore "X berths". All at risk from enemy attack or domestic accident. Nearly two decades ago the government ordered the Royal Navy to draw up emergency plans to quell local fears at each location, which of course led to panic and anger.
By then I was a well kent peace protester, albeit accidentally, and I attended the Skye Broadford bay RN public briefing. It was a crowded hall with folding chairs and by the time I arrived late the seats were full and scores of people were standing. The police and the RN were obviously waiting for me to do something, which sounds delusional but they escorted me to one one empty seat in the middle. All the navy bods looked directly at me as they were spraffing their PR spiel. I was just there to hear what was said, I said nothing, I did nothing. I hadn't planned to, and I didn't have to. The crowd got angrier on their own.
To begin with the RN put up a map showing a five mile radius around Broadford bay X Berth from which everyone would be given anti-radiation tablets and evacuated to the local hospital in the event of an accident.
One local asked, "How will we know?"
"The police will drive around announcing it on loud speaker"
"What about the deaf folk?"
"Err..."
"I've a question. You said you'd remove casualties to the hospital outside the danger zone. Have ye no looked at yer map the hospital is inside yer red circle?"
"Errr..."
Much fuming and gnashing of teeth, nearly an unplanned riot.
Apparently the PR exercise went even worse at other X berth locations where locals had found out the history of numerous previous accidents that had led local police to say they would not participate in any clean-up.
If you want to be horrified by how the DoD and the US military deal with nuclear weapons (or anything related), I suggest you read Eric Schlosser's Command and Control (Amazon Kindle). It is... frightening to say the least. The amount of times this planet has come close to a massive nuclear blast other than a test is just a little too much.
This post has been deleted by its author
Hello steelpillow,
We did some work on our backend systems over the weekend, including article comments, and there were a few gremlins, which our tech team has fixed now.
This meant some of you submitted a comment at the weekend and are only seeing it now. We’re sorry for the inconvenience.
Best
Jude & the rest of the vultures @The Reg
How many national security/spy agencies around the world have their own wayback machines.
Or why the first copy of this post has sat awaiting moderation for over three days now, while other commentards are being accepted. If I have hit a nerve, then dithering is a fucking stupidly transparent way to cover up. And if I haven't hit a nerve, then WTF do our vultures think they are (not) doing - and why?
We've had tech problems on comments over the weekend which our incredibly hardworking tech team has now ironed out.
This team really, really, really cares about readers and serving the readers and we all especially want this space to be a good place to chew the fat.
To be completely frank, this comment is the last thing any of us would want to read coming back from a long weekend.
I use a free Proton Mail account. About two months ago I was spamming all my contacts because I was on a roll and had important information. None of my emails arrived, and they weren't in my outbox either.
I've had run-ins with the security services so Occam's Razor. It took me a day or two to read the Proton Mail terms of service. 150 emails a day at most, and I'd hit that limit by noon. Not the security services, I was a victim of my own verbosity.
I catch up with my first love via email, but yet she doesn't seem to receive what I write. She explained, "Well I read the first one then I just delete the next ones."
I cancelled my internet partly to save money but mostly to lessen my addiction.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
