Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Air Force Emails Sensitive Information to Tourism Site

Zonk posted more than 6 years ago | from the that's-a-pretty-spectacular-oopsie dept.

Security 242

Khuffie writes "The US Air Force has been sending sensitive information, including flight plans for Air Force One, to a website promoting the town of Mildenhall in Suffolk. When told of the error by the site's owner, the Air Force did not attempt to fix it at first. When reminded at a later time, instead of fixing the issue, they advised the owner to 'block unrecognizable addresses from his domain and have an auto-reply sent reminding people of the official Mildenhall domain and blocked his website from access on base.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


The Airforce... (4, Funny)

megla (859600) | more than 6 years ago | (#22648242)

...because it's always someone elses problem.

Re:The Airforce... (1)

Brian Gordon (987471) | more than 6 years ago | (#22648308)

Oh please, "security breaches"? What enemy could possibly challenge the US air force?

Re:The Airforce... (3, Informative)

megla (859600) | more than 6 years ago | (#22648362)

I'm guessing being emailed confidential deployment plans and the route for Airforce 1 would get them off to a good start!

Re:The Airforce... (2, Funny)

ozmanjusri (601766) | more than 6 years ago | (#22649298)

the route for Airforce 1

Are you kidding?

An attacker who took that turkey down would get a pat on the back and free beers in every bar across the United States. Any sensible enemy of the US will make damn sure that's the last bird still in the air.

Re:The Airforce... (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22649362)

That's not only ignorant, it is also blatantly incorrect. Regardless of the feelings for the man in the office, the office itself is symbolic of the United States. Just think of how long we've spent after the destruction of symbols of US capitalism, the World Trade Center Towers. Multiply that by 1000, and you'd have the reaction if someone were to take out the President of the United States.

Re:The Airforce... (2, Interesting)

siliconspirits (1251256) | more than 6 years ago | (#22649646)

Like the reaction and 'intense' investigation that took place after JFK was assassinated?

No one even crashed a plane into a building with that, or shot down a plane...they just brought a rifle to a political event, aimed and fired. I think many Americans would be happy to watch him die, as a clear enough separation has been made between his personal incredible stupidity and the honor and distinction of the office itself during his terms in office.

I personally, think that no one should 'die' for their stupidity, the loss of human life regardless of it's intelligence (or lack thereof) is bad, but when you're in a position like that of the President of The United States of America...there is a level of accountability that should be enforced both during, and after your time in office. Legislation is deliberately being delayed when it comes to keeping up with the developments of investigative techniques involving IT and politics.

Re:The Airforce... (5, Interesting)

Red Flayer (890720) | more than 6 years ago | (#22648378)

The budget.

Military spending is a huge contributor to the US's debt problems, and anything that reduces the efficiency of the military contributes to the problem. Consider how expensive the air force is to maintain -- when it comes time to curtail the military budget, the air force has a lot of low-hanging fruit.

Security breaches and awareness of systemic ineptitude will just increase the likelihood that the air force will be targeted with more cuts.

Never mind the fact the a security breach, if taken advantage of by the wrong people, could be *very* expensive.

Re:The Airforce... (5, Insightful)

172pilot (913197) | more than 6 years ago | (#22649038)

How I wish that were true, but you miss a fundamental difference between private industry and the government... When a private company has such efficiency problems, it goes out of business, but when a government agency has trouble, the trouble is presented as "evidence" that "the problem is bigger than we thought" and that more money needs to be allocated to correct the problem. Of course, the fundamental problem which is ignored is the leadership of the organization wasting the money, so the problem never gets fixed, but budgets get bigger and bigger.. At least in the Military's case, their function is one which can be justified by the Constitution - Most of the other government waste is in programs that the government has no right to be spending a dime on in the first place...

Re:The Airforce... (1)

Red Flayer (890720) | more than 6 years ago | (#22649172)

Very good point.

I'm just wondering how much of it applies during times of budget contraction, as opposed to the status quo of annual expansion... because we're going to need to shrink the military budget in the next few years... whether it's done via inflation or visible cuts, I'm not sure.

Re:The Airforce... (2, Insightful)

Mushdot (943219) | more than 6 years ago | (#22648380)

If you read the article you would know that sensitive information, including flight plans for the president and military tactics were received. So with that information it may not be such a challenge.

Re:The Airforce... (5, Insightful)

Serious Callers Only (1022605) | more than 6 years ago | (#22648964)

The real question is what is sensitive information like that doing being sent over email without encryption. If they're sending things like flight plans and military tactics via plain email, it should be considered a security breach no matter who the recipient is. Anyone could easily read it on the way between the two servers, it might get forwarded to someone who shouldn't see it, it can be changed by servers en-route or bogus data inserted etc etc. I imagine most security services would find it easy to infiltrate an ISP here and there and watch traffic as it goes through, and no one would be any the wiser.

Re:The Airforce...data sent without encryption (0)

Anonymous Coward | more than 6 years ago | (#22649476)

How will we laugh at the UK when the USAF pulls stunts like this?

Re:The Airforce... (1)

gedeco (696368) | more than 6 years ago | (#22649700)

Perhaps it was a channel for desinformation? Maybe they knew, someone else was also reading this mails?

Re:The Airforce... (1)

somersault (912633) | more than 6 years ago | (#22648392)

I'm hoping that was sarcasm? The fact that it's so ludicrous hints at it, but I'm worried you were serious..

Re:The Airforce... (1)

ta bu shi da yu (687699) | more than 6 years ago | (#22648398)

The aliens in Independence Day did. Threatened them, but didn't defeat them. But how do you know that they haven't disguised themselves as tourist operators in Suffolk? This could be chance they need to retake the earth.

And I don't know about you, but I don't think I could stand a sequel to ID4.

Re:The Airforce... (1)

morgan_greywolf (835522) | more than 6 years ago | (#22648400)

Oh please, "security breaches"? What enemy could possibly challenge the US air force?
China. North Korea. Iran. North Vietnam. Palestine.

Basically any country with nukes or that has close ties with a country with nukes. Of those, the most credible threats are probably from China and North Korea.

Oh, wait...were you joking?

Re:The Airforce... (1)

peragrin (659227) | more than 6 years ago | (#22648514)

Vietnam and North Korea had weapons support from china. iran and North Korea wouldn't last three months on their own. Palenstine can't keep isreal out, let alone anyone else. I think you mean Pakistan. Pakistan would fight bravely and even win a few battles but would be overcome.

China,India, and Russia though would. Any fight with either is just stupid. We walked over Iraq, and afganistan because they didn't have weapon support from russia or China.

Iran may or may not have nukes. but it's airforce is rusted out f-14's that they don't have the parts to fly.

Try and take a good tactical look around sometime.

Re:The Airforce... (0, Insightful)

Anonymous Coward | more than 6 years ago | (#22648570)

You seriously think that we "walked over Iraq"? Perhaps it escaped your attention but we are still fighting there, and we have not won yet. I suggest you read more newspapers.

Re:The Airforce... (5, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#22648912)

You seriously think that we "walked over Iraq"? Perhaps it escaped your attention but we are still fighting there, and we have not won yet. I suggest you read more newspapers.
While I agree with your sentiment, I feel I have to point that we did "win" in Iraq. The regime in Iraq changed. We defeated the Iraqi military. What we're still fighting over there, though, isn't so much as the "enemy" as it is just basically mass chaos, which either U.S. military intelligence either knew or should have known would happen in a country splintered and segregated along ethnic, religious and cultural divisions. After all, isn't that why there's never been any significant time of peace in the nation of Israel since its founding in the first half of the last century? (Not to mention that other people from outside of Iraq are capitalizing on this chaos and taking pot shots at the U.S. military whenever possible.)

Y'all have to look past the rhetoric coming from both sides of the political aisle and see the situation for what it is: fubar'd.

Re:The Airforce and no IS Security (3, Insightful)

callistra.moonshadow (956717) | more than 6 years ago | (#22648648)

I think that this may have to do with bravado, but more likely it has to do with plain old ignorance. I seriously doubt the Airforce has good IT personnel. Maybe I'm being an IT snob, but from what I've heard from family members that work in government and other civil service (one is pretty highly ranked) is that (as we all know) woefully behind the times. I suspect that an email about data being sent to a public URL may have been seen as cryptic to whatever administrator ended up with the information. On a different thread I was talking about identify theft and how the government is one of the largest areas where proprietary data is stolen from. I think that it's just another symptom of a much more systemic problem within government agencies in the US.


Re:The Airforce and no IS Security (4, Interesting)

yuna49 (905461) | more than 6 years ago | (#22648950)

I was bothered by the Air Force's casual response to this problem as well. Not to mention their mistreatment of the domain owner, telling him to rewrite his 550 SMTP reply to inform senders of the base's domain. Why didn't a "Communications Squadron" offer to work with the domain owner to resolve these problems? The fact that the USAF shrugged off this rather simple problem onto the domain owner tends to confirm your suspicions about the quality of their IT services.

Re:The Airforce and no IS Security (1)

jimbobborg (128330) | more than 6 years ago | (#22649750)

I suspect that USAF is using contractors for their IT needs, much like the rest of the US Gov't.

Re:The Airforce... (1)

danskal (878841) | more than 6 years ago | (#22649310)

Errrrm - Al Qaida? Or weren't you born 9-11-2001?

Apart from that, just about anyone who can control the supply/price of oil.

You may not like it, but it's the truth

Re:The Airforce... (1)

JasterBobaMereel (1102861) | more than 6 years ago | (#22649470)

That's an easy one : China

How good are the Air force at hitting Suicide bombers, without killing civilians?

How good are they against submarines

How good are they against ICBMs

Go and put the Jingoism away and realise and airforce cannot win any war on their own, and do not even have a role in many battles?

Re:The Airforce... (3, Funny)

aug24 (38229) | more than 6 years ago | (#22648394)

In other news, the Air Force has requested that prostitutes, drug dealers and off-licences refuse money from US Airmen, and tell them to spend it on something moral and all-American instead.

more sites (2, Funny)

Goffee71 (628501) | more than 6 years ago | (#22648262)

quickly signs up for:

just to see what comes my way

Quick fix (0, Insightful)

Anonymous Coward | more than 6 years ago | (#22648266)

Why didn't somebody just buy his domain off him, let him keep the website, and route the email to a bit shredder for all but the admin addresses, like "webmaster"?

Wait a minute. (5, Interesting)

Jikrschbaum (920529) | more than 6 years ago | (#22648270)

Isn't the Airforce the branch that has been tasked with Cyberspace security? Some kind of Cyber Command? Military Intelligence at its highest magnitude.

Re:Wait a minute. (2, Insightful)

Kiuas (1084567) | more than 6 years ago | (#22648434)

Military Intelligence at its highest magnitude.

"The military intelligence
Two words combined that can't make sense"
-Megadeth, Hangar 18

Re:Wait a minute. (1)

Svartalf (2997) | more than 6 years ago | (#22648446)

They would like to have that role. But if this is how they handle security...heh...

Re:Wait a minute. (2, Funny)

Anonymous Coward | more than 6 years ago | (#22648754)

I wonder how long until such slopiness gets them known as the U.S. Error Farce?

Re:Wait a minute. (2, Funny)

dcollins (135727) | more than 6 years ago | (#22649006)

Have you seen the new recruiting ads on TV that are precisely that, some guy at a screen in a bunker protecting the Pentagon from "3 million intrusion attempts a day?"

Tag line is now "Air - Space - Cyberspace".

Send in the B2's (5, Funny)

DeeVeeAnt (1002953) | more than 6 years ago | (#22648282)

It's the only way to neutralise the tourist threat!

Re:Send in the B2's (0)

Anonymous Coward | more than 6 years ago | (#22649242)

B2's are grounded due to a recent accident.....hhhmmmmm

Re:Send in the B2's (0)

Anonymous Coward | more than 6 years ago | (#22649340)

I always called them tourorists. Slowing down traffic, driving erratically while reading maps, running all over our National Parks (heck even our wineries here in California), clogging our beaches and freeways - yup, tourorists, the pack of 'em.

Conspiracy! (5, Funny)

neokushan (932374) | more than 6 years ago | (#22648284)

It's almost as if they WANT someone to kill the president....

Re:Conspiracy! (2, Funny)

oliverthered (187439) | more than 6 years ago | (#22648356)

who doesn't

Re:Conspiracy! (2, Insightful)

schon (31600) | more than 6 years ago | (#22648534)

I most certainly don't. Unless they can take out Cheney at the same time.

You know why the democrats haven't had Bush impeached? Because they'd rather have him than President Evil.

USAF 1, british civilians 0 (3, Insightful)

Chief Camel Breeder (1015017) | more than 6 years ago | (#22648286)

I see from TFA that the owner finally took his site off-line because of the problem. So the USAF probably considers the problem solved. Another triumph for American diplomacy.

Stable doors (2, Insightful)

Silver Sloth (770927) | more than 6 years ago | (#22648288)

It was only after sensitive information had leaked that anything was done about it.

Re:Stable doors (1)

WK2 (1072560) | more than 6 years ago | (#22649416)

To be fair, according to the summary the Air Force never closed the stable doors. Perhaps they were thinking, "Oh well. What's done is done." The thing is, they really should stop sending sensitive information via email in order to lessen future threats.

On the other hand, this will make it easier to kill the president.

Taking bets (0)

Anonymous Coward | more than 6 years ago | (#22648300)

Mr Sinnott has now decided to take his website down to avoid getting these messages.

Now taking bets on which intelligence agency or terrorist organization will be the first to snap up the domain once it becomes available.

Re:Taking bets (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#22648672)

Now taking bets on which intelligence agency or terrorist organization will be the first to snap up the domain once it becomes available.
How can you tell the difference between the two?

The Cheney Effect (5, Funny)

TheSixth1 (81935) | more than 6 years ago | (#22648318)

The Vice president accidentally shoots a man in the face, and it's the mans fault for getting in the way of the buckshot. The Air Force emails sensitive information to a website owner, and it's the site owner's fault for receiving it.

The Cheney Effect is spreading!

Re:The Cheney Effect (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22648786)

I suspect it was birdshot rather than buckshot.

If the latter, the poor dude wouldn't have had any face left, and Cheney might well have been sent down for manslaughter.....

I'll leave drawing any conclusions as to if this would have been a *very* good thing as an excercise for the reader :-)

Re:The Cheney Effect (1)

mgblst (80109) | more than 6 years ago | (#22649566)

Just as it was the fault of that lighthouse getting in the way of that battleship.

OPSEC and COMSEC (4, Insightful)

Ethanol-fueled (1125189) | more than 6 years ago | (#22648320)

This from the mighty mighty Air Force which banned blogs, which accidentally flew nukes cross-country, which wants to start a "Cyber-Command." Not trying to flame, but why do they insult their own intelligence by banning the viewing of blogs [wired.com] while allowing this sort of crap to happen?

Re:OPSEC and COMSEC (2, Informative)

qoncept (599709) | more than 6 years ago | (#22648852)

They blocked access from military computers. You can read what the slut next door is doing from home, but at work you're supposed to work. If they blocked something useful, you say "hey, I need to read this web page" and they unblock that one. Smart Filter can be funny though. They blocked wikipedia. Category? "Education/Reference"

E-mail is a postcard (5, Insightful)

mdmkolbe (944892) | more than 6 years ago | (#22648354)

If the Air Force is sending that info over unencrypted e-mail, they have bigger problems than just the e-mail going to the wrong domain.

This kind of makes me suspicious that he article might just be hyperbole.

Re:E-mail is a postcard (1)

Svartalf (2997) | more than 6 years ago | (#22648424)

One has to wonder about that...

However, having said this, it's not the first time someone screwed up bigtime on a DoD system.

We've had other sloppiness come to light from some of the Titan Rain hack announcements-
basically, we've had a bit of low-grade (thankfully) leakage of things that are not classified
but not for general public consumption, stuff classified Confidential and Secret out of
boxes that should NEVER have had the information on them in the first place as they weren't
trusted systems.

As it stands, I am not sure what to think of the article. It's the BEEB so it's less likely
to sweep something like that under the rug. But it's also the BEEB, so they may be playing it
up a bit larger than it actually is for varying reasons.

Re:E-mail is a postcard (3, Insightful)

Twisted Willie (1035374) | more than 6 years ago | (#22648482)

Mod parent up.

If flight plans of Air Force One are being sent over a public network in plaintext, it doesn't matter in whose mailbox they end up really.

Re:E-mail is a postcard (1)

ironwill96 (736883) | more than 6 years ago | (#22648606)

I also was thinking about that too! If they are so dumb as to think sending an e-mail out constitutes private communication as it passes across who knows how many servers that can all make copies of it on the way there, we're screwed. I would think things like Air Force One flight plans and confidential information should be sent through encrypted satellite connections run by the government or for really sensitive items carried in person via diplomatic couriers.

Re:E-mail is a postcard (1)

SleepingWaterBear (1152169) | more than 6 years ago | (#22649186)

I have to agree here. The airforce must have a policy of encrypting any confidential e-mail. The fact that some guy with a website was getting e-mails meant for the airbase is completely irrelevant to security, and the airforce was entirely right to ignore the problem. For e-mail you have to assume that your messages can be intercepted in any case when you're dealing with security - encryption is the only reasonable solution. Now, if someone in the airforce is sending e-mails with important information without using encryption, that is a security breach, but TFA doesn't seem to have any idea what encryption is.

If I had to guess, I would say that this is some overzealous reporter with no understanding of computer security making a big deal out of nothing. That, or a single individual in the airforce has made a serious mistake by not encrypting his e-mail, and he's going to be in a lot of trouble. If the later is the case, the fact that this random guy was receiving misdirected e-mail is actually a boon to security, since it has helped to identify a breach which might otherwise have gone unnoticed.

preemptive move (3, Insightful)

Atreide (16473) | more than 6 years ago | (#22648432)

'block unrecognizable addresses from his domain'

isn't it more effective if air force domain names are removed from world wide dns ?

Re:preemptive move (1)

will_die (586523) | more than 6 years ago | (#22648896)

It wasn't the domain name it was the 'To' email address. The owner of mildenhall.com had it setup so all email address went to a single, or a couple, email boxes so send email to Iknowthisisanonusedemailaddress@mildenhall.com would be received by the owner.
The air force solution was to block all but the email addresses the owner of the site knew were valid and being using on the site.

Email? Are you serious? (-1, Redundant)

RandoX (828285) | more than 6 years ago | (#22648462)

What the hell is the military doing sending sensitive information via email anyway? I suspect that this is the tip of the iceberg that is their security problems.

I have call this one BS (5, Informative)

Perl-Pusher (555592) | more than 6 years ago | (#22648644)

I spent 20 years in the Air Force. All DOD domains end in .mil not .com. We only have this persons word, didn't see one example. Flight plans via email. Crap! the DOD uses a device called KG-58 its an encryption device. The key is sent via courier every month. That is the only approved way to send any sensitive information.

"It had the notice 'Destroy by any means to prevent capture'," Right, that's absolute crap. One that is not the correct wording. Two its an electronic message, its on your hard drive. Did his computer explode after reading it? I'm sure there are idiots who sent things to his domain. But these just could not be official communications. There are way too many safeguards in place.

People from government ministry of finance offices in African Nations are always send me stuff too.

Lets see some real proof!

Re:I have call this one BS (2, Informative)

DragonFodder (712772) | more than 6 years ago | (#22648864)

I agree completely with you, wish I had mod points to give you.

and unless things have changed drastically in the years since I left the Air Force, all secure communications go across a dedicated network, in most cases that being a dedicate point to point comm line. Nothing of any official sensitive nature would go out on the civilian internet.

If this proves true, on the data, then there is someone looking for a courts martial offense in mis handling secret and above information.

Re:I have call this one BS (0)

Anonymous Coward | more than 6 years ago | (#22648894)

Lets see some real proof!

Yeah! He should publish these airforce one flight plans publicly so everyone can see he's not lying!

Then he should run real fast before someone nukes him for being a terrorist!

Re:I have call this one BS (0)

Anonymous Coward | more than 6 years ago | (#22648916)

Just a side note: They use electronic key renewal systems with the newer KG-84, KG-175 TacLane and Mini-Tac systems...these don't necessarily need to be retrieved by courier (unless a key expires, or is removed from the device).

http://en.wikipedia.org/wiki/KG-84 [wikipedia.org] http://en.wikipedia.org/wiki/TACLANE [wikipedia.org]

Also: VIP flights paths, briefs, etc. are never conducted on an unclassified network unless someone wants busted in a big way.

Re:I have call this one BS (1)

EdIII (1114411) | more than 6 years ago | (#22648956)

I was thinking it was BS. I have read an awful lot about the systems that the government is purported to be using.

It is so improbable that the information was even on systems that are connected to the public internet. Last time I checked, there was something called the IntelLink networks.

I know that there are a lot of security breaches, and I am not saying it does not happen, but there are secure networks in place for this type of communication to go across. The Air Force and other agencies have some presence in the public internet, but it is limited, and certainly not the full extent of their networks.

The event in the article is already stretching my ability to believe it. The reaction just makes it unreal. I cannot imagine the Air Force ever reacting is such a retarded, short sighted, technically ignorant fashion.

Re:I have call this one BS (1)

BradleyUffner (103496) | more than 6 years ago | (#22649092)

It is so improbable that the information was even on systems that are connected to the public internet. Last time I checked, there was something called the IntelLink networks

The secure network is known as the SIPRNET [wikipedia.org]

I call BS on you (0)

Anonymous Coward | more than 6 years ago | (#22649090)

This is BBC we ar talking about, not your beloved FOX news. They check there stories and retract if they are found to be wrong. THey obviously can't post the messages.

Re:I have call this one BS (5, Interesting)

Asklepius M.D. (877835) | more than 6 years ago | (#22649154)

First - the KY-58 (the KGs are a different series such as the 84, 94, and 194) is designed to encrypt radio traffic, not network data. Second, security standards HAVE changed drastically. The AF combined small computer networking (2E2) with crypto maintenance (2E3) some time ago with only limited retraining in infosec. Email is used and abused to a huge extent in the military while good crypto is too often seen as an annoyance - even for critical systems. Many of the old safeguards are gone as part of efforts to cut costs and manpower. Most of the REALLY important stuff is still adequately protected, but coming from an AF IT background, I would argue that this story is more than plausible. No matter how much we want them to be otherwise, the AF really is just another large bureaucracy with a small percentage of highly competent people who somehow make things function in a crisis despite the efforts of the majority.

Re:I have call this one BS (1)

guisar (69737) | more than 6 years ago | (#22649854)

So www.airforce.com is not a DoD site? (I was in the Air Force for 23 years) No kidding the USAF domain is .af.mil so what- it's the Air Force that addressed the email not mildenhall.com domain owner. There's lots of good IT support in the USAF and some dopes- like everywhere. I really doubt these emails were sent by IT personnel- more likely ops and public affairs neither of which are known for their inquisitive nature, careful planning or follow-up- not to mention tech savvy. Mistakes are made sure but not following up immediately and politely to a concerned citizen strikes me as a symptom of not paying attention to details and simultaneously being incredibly arrogant.

As far as encryption devices- dude, we are talking emails here. They are protected, if at all through a PKI certificate issued by HPD-12 compliant CAC cards. KG-58s are for comm, not email. Flight plans by the way are regularly sent over email- we have to communicate with the Civil Air Authorities after all in order to use their air space- we don't own the world. Keys are also distributed electronically now- welcome to the 90s.

All well and good... (-1, Offtopic)

vorlich (972710) | more than 6 years ago | (#22648464)

But did they release the co-ordinates for the present location of the Chappa'ai? Now that would be a service to tourism.

"Advised"? (1)

gmuslera (3436) | more than 6 years ago | (#22648610)

How you tell them also matters... what if the messages were more or less like:

Tourism site: All your air bases are belong to us
USAF: Measure 1
Tourism site: All your air bases are still belong to us
USAF: Measure 2

Is so outrageos this way.

Gateway to News (0)

Anonymous Coward | more than 6 years ago | (#22648892)

Rather than take the site down, convert it into a mail->usenet gateway. Spam in, spam out. Win all round.

Shut down his domain! (1)

Arancaytar (966377) | more than 6 years ago | (#22649004)

It's the only way to be sure [wikileaks.org]!

(Wait, technically, that *would* be effective in this case. Reprehensible, but effective.)

See what happens (1)

laejoh (648921) | more than 6 years ago | (#22649016)

When will the fluoridation of our water stop. Jack D. Ripper was right! Now even the Air Force starts to mess up.

Ask yourself, have you ever seen a commie Air Force mail admin drink a glass of water?

Bin Ladin / Al Quiada plan (0)

Anonymous Coward | more than 6 years ago | (#22649034)

Find out *.mil domains being used.

Register the *.com domain names.

Wait for email...


Many Thanks go to Microsoft's "auto-complete" mail feature.

Bin L.

New way to leak classified "news" (2, Funny)

failedlogic (627314) | more than 6 years ago | (#22649140)

Dear Media Agency,

It has come to the attention of the Air Force that it is likely your e-mail servers may have inadvertently received confidential Air Force e-mails. These e-mails were sent in error. We beg and plead with you to not consider this a "leak" to your organization. These "leaks" will arrive to you though regular channels. As you may have received several thousand e-mails we ask that you forget everything that you read and delete everything. If you print a story about this and decide to publish some example e-mails, please contact us as we will help you find some really juicy e-mails. Again, we did not do this on purpose.

Since our e-mail servers are already having some serious problems, if you are not the intended recipient, please discard this e-mail immediately. We do not have any serious problems with our e-mail servers. If this is the tourism site again, please redirect these e-mails to major news organizations - and then delete.

Thank you,
US Air Force

A Serious Question (1)

catdriver (885089) | more than 6 years ago | (#22649466)

It's easy to poke fun at the Air Force, but this is a serious IT question.

How do you keep (sometimes stupid) users from sending proprietary (or even run of the mill) e-mail to addresses with the wrong .tld?

It's not as easy as blocking all .com mail, or rerouting that mail to .mil addresses, since they certainly have users with legitimate e-mail needs that send mail to .com accounts. Even blocking mildenhall.com might prevent some legitimate use of a tourist site, perhaps for military with families visiting the area.

Additionally, that wouldn't solve the greater problem which could easily crop up again with randolph.com, eglin.com, edwards.com or any number of similarly named commercial sites.

Education has its limits, and even experienced users will type the wrong .tld occasionally in the heat of the moment.

Certainly nobody should send sensitive information unencrypted over non-secure channels, but it sounds like the biggest problem here was the volume of the traffic.

Does anyone have a good solution to this problem?

A Serious Answer (1)

argent (18001) | more than 6 years ago | (#22649670)

Certainly nobody should send sensitive information unencrypted over non-secure channels, but it sounds like the biggest problem here was the volume of the traffic.

Didn't the DoD come up with the solution to this in the '80s? Remember the Orange Book?

That's the solution: you need mandatory access control when you're dealing with classified material. If you're sending material from a classified computer, or moving it from a classified zone on a compartmentalized computer system, then it should be encrypted automatically. If the computer system does not implement MAC then it needs to be treated as if all the data on it was at the level of the maximally classified data it's allowed to contain.

C2 security isn't good enough for stuff like this.

Lowest Common Denominator business (1)

chrishillman (852550) | more than 6 years ago | (#22649486)

There is no mechanism to prevent Lt Snuffy from emailing his flight plan to anyone. There are official channels, but pilots are notorious for being arrogant so they do what they want. You can give a guy millions of dollars in training and equipment but still not stop them from acting like an idiot.

This is not really an IT problem in that you can't prevent a user from sending email. You can educate them (if they will listen, but who is a Sargent to tell a Colonel what to do), you could block "mildenhal.com" in the DNS but then you will have users complaining that they can't surf there. If it were me in the IT shop I would go to the users and tell them to use ".MIL" and their encryption, but not much else because you can't fix stupid.

Audit (1)

larryboymi (1026734) | more than 6 years ago | (#22649718)

This is pretty upsetting, especially when considering that I've worked for a military contractor for the past 5 years and I've had to do security audits from the government each year. Do they audit their own people?

non-issue (1)

RetiefUnwound (472931) | more than 6 years ago | (#22649766)

Look folks, there seems to be a fundamental misunderstanding of what the problem is here.

a) Military computer users suffer from the same lack of applications training that corporate users do, therefore their rate of screwups is no higher than any other userbase. The do receive more computer security briefings than your average corp user, but that doesn't make up for lack of understanding on the part of the user when it comes to knowing how to use anything.

b) The Air Force and Army *DO* have email encryption. However, it is user selectable - i.e., when emailing anything it is up to the user to make the determination if the encryption is warranted, and then select the option.

c) The problem here is with the SENDER. The owner/operator of the email domain at Mildenhall is not at fault. You can't troubleshoot a problem with people on the OTHER end of a problem situation. If they aren't using the Exchange GAL and typing in an @.com address instead of an @af.mil address, you really can't resolve the PEBKAC for them, can you?

'nuff said!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account