The AP reports today on a rather stunning display of internet idiocy by various DoD entities and military contractors. Posting and leaving sensitive information on unsecured anonymous FTP servers.

GREENSBORO, N.C. - Detailed schematics of a military detainee holding facility in southern Iraq. Geographical surveys and aerial photographs of two military airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base in Afghanistan.

The military calls it “need-to-know” information that would pose a direct threat to U.S. troops if it were to fall into the hands of terrorists. It’s material so sensitive that officials refused to release the documents when asked.

But it’s already out there, posted carelessly to file servers by government agencies and contractors, accessible to anyone with an Internet connection.

In a survey of servers run by agencies or companies involved with the military and the wars in Iraq and Afghanistan, The Associated Press found dozens of documents that officials refused to release when asked directly, citing troop security.

Such material goes online all the time, posted most often by mistake. It’s not in plain sight, unlike the plans for the new American embassy in Baghdad that appeared recently on the Web site of an architectural firm. But it is almost as easy to find.

And experts said foreign intelligence agencies and terrorists working with al-Qaida likely know where to look.

Yeah guys lets not make an effort to secure our servers against people who have already shown bot that they know how to use the internet and are willing to do so. I’m not talking downloading camel porn either. Al Qaeda routinely communicates via the web, and a number of cyber attacks have been reported on anti-jihadi websites.

And it’s not like the military was unaware of the risk, in 2003 Timothy L. Thomas published an article in Paramaters, the US Army War College Quarterly, which specifically mentioned intelligence gathering and the stealing of information as a risk associated with internet use by extremist groups.

Some more examples of security brilliance:

61 pages of photos, graphics and charts map out the security features at Tallil Air Base, a compound outside of Nasiriyah in southeastern Iraq, and depict proposed upgrades to the facility’s perimeter fencing.

several sensitive documents, including aerial surveys of military airfields near Balad and Al Asad, Iraq, on its server.

aerial photographs and detailed schematics of Camp Bucca, a U.S.-run facility for detainees in Iraq. One of the documents was password-protected, but the password was printed in an unsecure document stored on the same server. They showed where U.S. forces keep prisoners and fuel tanks, as well as the locations of security fences, guard towers and other security measures.

OK to give the Devil his due the holes were plugged when AP pointed them out, and so far no actual attacks resulting from this information have been reported, but you would think people would be a little more careful with it.

Read the article, even if you aren’t worried about terrorist attacks it’s an eye opener on some basic network security issues.

Military, Hacking, Computers, Al-Qaeda

This entry was posted on Thursday, July 12th, 2007 at 5:40 am by Chad and is filed under Brilliant, but uncategorizable. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.