back to article US government forces military secrets on Brit webmaster

A website promoting the town of Mildenhall has been shut down after it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush. Over more than a decade, www.mildenhall.com received emails detailing all kinds of secret military information …

COMMENTS

This topic is closed for new posts.
  1. Carlo Graziani

    NORAD

    There's a norad.com registered to some Florida web hosting service. I wonder whether they get any interesting mail?

    Oh, look, www.centcom.com is also registered, to some non-military folks. This game could be fun!

  2. Carlo Graziani

    But Wait, There's More...

    ...and cia.com, and nsa.com, and if you Brits are feeling left out, some guy in Korea has registered gchq.com...

  3. Brian Miller

    Hint for military personel: use encryption!

    For sale: Secrets, dirt cheap!

    This would have simply been a bit of a nuisance if the military personel would use encryption on their emails. Thus, no secrets would be divulged. So why aren't any military personel getting their hands slapped? Why aren't the military's admins getting off their worthless duffs and doing their jobs about keeping things secure?

    A cousin of mine was in the military, and in his unit there was a "red" network and a "green" network. These were physically divided, with the "red" network being only accessible in one room in the building. Sensitive information was kept on the "green" network, and was not placed on the "red" network's machines. Good security has to be enforced, and that includes serious consequences.

  4. Anonymous Coward
    Black Helicopters

    On behalf of the USofA

    I humbly say, "sorry, chaps". We're not all lunatics over on our side of the pond.

    I did just finish watching the HBO min-series on Elizabeth I. I'll say no more...

  5. Anonymous Coward
    Alien

    My flabber is so gasted !

    Sensitive information being sent in plain text over public networks ?

    "So remember when you're feeling very small and insecure

    How amazingly unlikely is your birth

    And pray that there's intelligent life somewhere out in space,

    Because there's bugger all down here on Earth"

    Thank you mister Idle.

  6. Nev Silver badge
    Black Helicopters

    Drudge Report

    How about giving the domain to drudgereport.com and see if he's as willing to publish a "world exclusive" about his commander-in-chief's flightpath as he was the deployment detail of that Prince.

  7. Herby Silver badge

    Probable reason...

    When you address something to "mildenhall", the mailer just adds the ".com" by default. The lazy id10ts in the US Air Force just thought that they should send to "mildenhall" and did so. Oh, we need to add something like ".af.mil" on the end has no meaning to them.

    So much for passing the "internet" test. Maybe the military should get browsers/mailers that DON'T put in defaults (or at least have an option to do so). Add criticism of your mailer of choice here.

  8. Grumous
    Stop

    ENCRYPT!

    The phrase "military-grade encryption" is banned forthwith, except for references to pig Latin and ROT13.

  9. Chris iverson
    Coat

    damn

    could bother to check the address could they

    my Tax $'s at work more or less

  10. Geoff Mackenzie

    Fantastic!

    I would have assumed they would manage to send such critical information by a relatively secure and private method, but they can't even manage to send it to the right address! That's just priceless.

  11. Leigh Smith

    Typical

    Gary should thank his lucky stars that they haven't demanded his head for circumventing US national security because the UK government would have handed him over without a fuss.

  12. Chris C

    Ineptitude to the inifinite power

    I've always known (since before birth, in fact) that the U.S. government was a bunch of incompetent, inept fools. But the DoD created ARPAnet which, in time, became the internet we now know and love/hate. So it seems somewhat ironic that the military can't even figure out the difference between .com and .mil, or figure out that sending classified information in unencrypted email isn't a good idea. Everyone found doing so should be severely sanctioned.

  13. andy
    Black Helicopters

    "gave his address to spammers."

    "gave his address to spammers."

    C*nts... Lucky it wasn't me, i'd have got my own back by selling anything that came through to Iran and China...

  14. Chris Price
    Pirate

    Uhhh....

    I was under the impression that DARPANet was still active in some form. If not, surely my tax money has been partially spent on an "Undernet" that the military sends sensitive and classified info on.

    Apparently not. KP duty for all involved.

    Jolly Roger because the lack of understanding of domain names has me feeling scurvy.

  15. Anonymous Coward
    Coat

    And the flipside...

    There is, or used to be, a porn magazine called Whitehouse.

    With a website.

    Yes, people got confused.

  16. Anonymous Coward
    Stop

    Seems bogus to me

    Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff.

  17. Anonymous Coward
    Anonymous Coward

    Well if you hadn't insisted that .us was useless...

    I can't help noticing that the Yanks' problem stems from the fact that back in the mists of time someone thought it would be a good idea to have a-national TLDs. The rest of the world seems to get by with, for instance, .co.uk but almost no one in America seems to be aware that national TLDs exist.

    Now if they'd be really smart, back when they invented DARPANet they'd have ensured that all mis-directed emails were sent direct to .nsa.us for 'help' in 'forwarding' them to their 'correct' recipients.

    God knows what the militaries of *other* nations are sending around out there... Of course, in the case of my original home country it's probably something about migrating polar bears and cases of beer.

    jon

  18. Mad Hacker
    Flame

    so the fact they are sending classified emails in cleartext isn't a concern?

    Seems they are focusing on the wrong issue here.

  19. Anonymous Coward
    Paris Hilton

    The old joke about military intelligence?

    This is really scary:

    1. Sensitive and secret information sent to a member of the public.

    2. Sensitive and secret information sent to same member of public after being informed that said information was going outside the military.

    3. Sensitive and secret information being sent by email in the first place.

    I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms? Have they heard of Network Security?

    As with all secure systems, they are only as secure as the weakest link, which is usually some new and underpaid slack-jawed yokel who has no training and/or don't give a damn. Only in this case, said yokel is wearing a uniform, and probably has easy access to weapons and ammunition.

    Paris? Well, I'll leave it to you to work out.

  20. Anonymous Coward
    Anonymous Coward

    WTF?

    Why would they send the presidents flight path and battlefield strategies, passwords, etc in email? Email is the least secure application. I assume these are unsigned and unencrypted if the guy at .com is able to read them.

  21. Christoph Silver badge

    Security theatre

    When Bush goes on a foreign visit they impose ludicrous security. Even in a friendly country they close down large chunks of the local city while he's driving through.

    Ad then they send details of his movements in unencrypted email to the wrong address?

  22. Anonymous Coward
    Pirate

    Guilty of receiving mail not addressed to him?

    AC at 2008 22:18 GMT: "Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."

    There's one in every thread, right?

    Maybe he couldn't be bothered to work on behalf of dimwits.

    I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either.

    Pirate icon because the old idea of luring passing ships into the stones is alive and well.

  23. Rick
    Gates Horns

    very simple explination

    the lazy bums in the military are using M$ outlook at their email client and the idiots probably have autocomplete set up which is defaulting to .com.....Military Genius at work!!!!

    >/the picture if you scroll over says it all...

  24. heystoopid
    Paris Hilton

    And these

    And these are the same wankers hired to protect us from the illusion of a terrorist hiding behind every tree , bush , power pole rock or garden fence in the land waiting for the signal to frag us at the earliest opportunity !

    Say , where can I find the yellow brick road to run away from these wankers all , as I do not feel safe all of a sudden as they might get the itch to play "Thermo Nuclear War Games" for real !

  25. Remy Redert

    @Rick

    Actaully, that would be Military Intelligence at work. Military Genius (and for that matter, Tactical planning) was when someone shot an F117 down with an unguided missile because said F117 took the same flight path after every singly bombing run.

    That's Military genius on both sides, btw. The US side for not figuring out that that's a pretty bad idea (tm) even with a stealth jet. The opfor guys (can't remember who it was atm) for figuring out that even if you can't see it on radar and needn't bother firing IR seekers at it, you can still take it down with an unguided missile if you aim properly. The readers get to guess on which side the oxymoron is.

  26. Jeremy
    Paris Hilton

    As the owner of a relatively simple Gmail address...

    I get all sorts of stuff, mostly boring drivel like photos of people's babies, and last week someone called Jan signed me up at Hillary Clinton's website... wonderful! Some mildly interesting stuff like "Thankyou for your order of xxxx from zzzzzz" and yes, occasionally quite sensitive stuff too, An unencrypted, unpassworded Excel docs about some policy holders of an American health insurance company was probably the highlight :) At least the sender had the decency to apologise when I pointed out her snafu... Shame, I've never had anything marked Eyes Only, that would surely be a fun read...

    Paris icon because even she can type an email address right (maybe).

  27. Anonymous Coward
    Coat

    RE: And the flipside...

    I could certainly understand the confusion while Clinton was in office

    Mine's the one with the stain on the lapel and the cigar in the pocket

  28. Anonymous Coward
    Anonymous Coward

    Wrong people to alert...

    Surely he should have alerted MI5/6 instead?

    They would likely have happily devoted resources to taking out the military stuff for him on an ongoing basis. ;->

  29. George
    Flame

    From the people who brought you the Patriot Act...

    whats the point of all this encryption when dullards are just sending it out to anyone that looks vaguely right.

    And does Patriot Act stop this? Of course not and to think this is found by accident not some high level secret investigation. They are sending it out to anyone who looks familiar in adressing terms.

    The weak point in any security is the user.

    Flame? We're all going to hell in a handcart thats why!

  30. Stuart
    Go

    Where are the Ambulance Chasers??:- AC acronym now ruined

    OK, so US military personnel are responsible for this poor guy having to shut down his website as they put him on a spam list. I'd encourage him to seek legal advice as there is a direct cause and affect relationship between these dickless yanks behavio(u)r and the loss of a HUGELY profitable website plus a huge amount of time spent trying to bounce the dumbasses mail and deal with the not quite so dumbass spammers (at least they make money from it:-).

    Coud be fun and several opportunities would present themselves:-

    -Court discovery, publishing all the e-mails with great potential for love affair junk. Hey it's the land of Bill and Miss Screwinsky and NASA diapers (nappies).

    -Bribery possibilities in relation to above.

    -Crazy justifications, that launching spam at the UK aids in the U.S.'s war against terror as Osama can't resist joining in.

    Anyhoo AC doesn't mean Anonymous Coward anymore we need some opportunistic lawyers round here.

    -Which leads on to :-

    @AC's comment-'Why didn't the guy just configure the site's mailserver to reject any emails that weren't for the addresses he actually used?'

    I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get.

    In closing the Go just to negate the AC's Stop and Doofus, doofus, doofus, sorry they were tearing at my fingers:-)

    and hey I'm Stu so kiss my rounded posterior...come on, pucker up a bit :-P

  31. Anonymous Coward
    Happy

    that didn't take long

    Acting on your tip the millhaven.us domain was snapped up 20 minutes ago - an "Under the Desk" lad in London....

  32. Anonymous Coward
    Coat

    Suprised?

    These are the guys who regularly have trouble differentiating between TLDs. Confusing .iq with .pk for instance :-P

    It's the bomb-proof one thanks.

  33. Anonymous Coward
    Paris Hilton

    @Stuart

    "I dunno running a potential tourism site, he might expect mail from people other than his neighbours, huh? I mean this AC must be some psychic twot, who can predict the addresses of all the mail he's going to get."

    I hope you're not a mailserver admin, because you obviously don't know the difference between From: and To:

  34. lglethal Silver badge
    Joke

    Lets Face it...

    Anyone DUMB enough to WILLINGLY put themselves in front of people who want to kill them at the first opportunity probably isnt the most tuned-in person in the world.

  35. Anonymous Coward
    Jobs Horns

    Evil

    If it was me after all that, I would have bodged a perl script to send all emails coming from the IP ranges in military emails (with very wide subnet to make sure and some other sanity rules) to a conspiracy black helicopter usenet group and forward the replies from people reading that group back to the senders. Eventually creating a conspiracy military loop where everything is true.

    Some spam would come through but by that point it would be thought of as a stenography test to work out why a cat falling off a shelf is being posted after AirForce One flight paths.

  36. Captain DaFt
    Alert

    Two words for this

    Peter Principle:

    NOUN: The theory that employees within an organization will advance to their highest level of competence and then be promoted to and remain at a level at which they are incompetent.

    Nothing explains Military intelligence* better!

    *The ultimate oxymoron

  37. Chris Hobbs

    Video Compression at its best

    "...to videos up to 15mb in size..." That shews the sophistication of the USA security forces: when you can compress an entire video into 15 millibits (say 1/67th of a bit) then you can claim to have done something really useful. This is presumably a new sort of video encoding that hasn't been made public yet---still a military secret. It'll make my video iPod look enormous when it is finally released.

  38. amanfromMars Silver badge
    Alien

    Need to Know.... The Ultimate Cop Out for Serial Incompetents ....in Dirty Tricks?

    "Surely he should have alerted MI5/6 instead?" .... By Anonymous Coward Posted Monday 3rd March 2008 23:23 GMT

    One assumes that they were mentoring the situation, AC. If not, then they would be practically useless and unworthy of the Intelligence moniker...... which is always a possibility, no matter how unpalatable that may be, for there are precious few signs [some would say, no signs] that British Intelligence is Leading anything.

    And although that could be desirable, because there is no Progress through Intelligence on the Ground, it is not present ...... just in case so smart ass says that they are Working and Leading ...but it is SuperStealthy and therefore unlikely to be widely known.

  39. Anonymous Coward
    Stop

    this is not the only case

    I have yet to figure out who the emails from the NHS hitting one of my domains are actually directed to

    i considered selling the information they have sent, but i figure the NHS would just undercut me by losing a CD of data for a lower price

    i wish i was kidding, but one of my unused domains from a failed project does get the occasional email from NHS senders, presumably to a company they work with by the corporate sounding domain but i can't find anything even similar that it could be destined to... just waiting until they send me some highly confidential medical records or something to forward to el reg...

    makes you think just how widespread incompetence is, multiply how often it happens, with the number of different government departments sending confidential information, then figure out if you want to hand over your details to an ID card project run by these people - who i presume will be using the same top of the range security practices they currently use, emailing your details to "somewhere that might be the central server"

  40. Michael
    Coat

    to quote mel gibson

    I wish you wouldn't use the word "intelligence" to describe what it is you do.....

    Dont suppose theres a taliban.com somewhere???

    Mine's the strait- jacket please.

  41. Bruce Sinton
    Paris Hilton

    The Buck stops

    with Freedom Fighter George Tree or Scrub, some name like that.

    Maybe he was sending the messages , and they hadn't explained about how that internet thing worked.

    As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President.

    Paris because she would get on well with him

    Peace and Joy

  42. Ian Emery Silver badge
    Black Helicopters

    Here is a title as the REG server gets upset if you dont have one.

    Just want to say I am surprised.

    Why haven't they sued him for Cyber squatting yet??

    Seriously, If this happened to me, and I had told them what was happening and they did not sort it out; I'd start selling the less critical but still interesting stuff to the rags; err newspapers. Never can have enough money, just ask Bill.

    One last thought, anyone visited Whitehouse.org I wonder what THEY find in their "In Box" ??

  43. Steve Liddle
    Unhappy

    Still on the Internet Archive

    Owner is a friend of a friend, was amazed at the sort of information the yanks will share with everyone and not check that it going to the right place

    Seems the guy wanted genuine mail address to him and some friends @sitename but did not want the whole us base to use his website, especially when they would never receive it :)

    http://web.archive.org/web/20070328175245/http://www.mildenhall.com/

    To read the whole site would have taken a good hour, but the site only partly archived it

  44. Anonymous Coward
    Anonymous Coward

    @Guilty of receiving mail not addressed to him?

    > I, for one, suck in any e-mail addressed to nonexistent addresses on my domain,

    > no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true.

    > You wouldn't believe the number of imaginary addresses spammers try, either.

    Only problem that way is that as far as spammers are concerned the email was delivered correctly and possibly read ... as a result its a "good" email address for them to retry/sell etc which will do nothing to reduce the spam you have to process.

    I have mine to send a standard "non-existant address" bounce to any email to my domain to a non-recognized username.

  45. MikeC

    @ On behalf of the USofA

    This TV show with Eliabeth I...it wasn't called Blackader was it?????

  46. Busted
    Alert

    What do you expect?

    This is the same lot that can't even distinguish between friend and foe on the battlefield what chance have they got with a simple domain name.

  47. Kevin Johnston

    Misdirection

    I had a Business grade ADSL line from BT provided by a company I worked for and along with it came a BT email address. Having more than enough accounts already I simply set and autoforward to my Yahoo junk account in case anything of interest came through.

    A certain Airline (in the Americas) seem to use BT email addresses for all their business and someone in their PR has the same name as me and I got some wonderful emails through about new route planning and promos for journalists but unfortunately even though I patiently sent each one back to sender and on to the airline main address, I never got compensated. Would it have hurt them so much to reward me with a freebie flight?

  48. Anonymous Coward
    Black Helicopters

    Data

    At least our Government just looses data, it seems theirs likes to give it away.

    And I would have just set up another site to post the contents of the e-mails to. After all I've not signed any US official secrets act and they kept gaving the information out even after being told about it.

  49. Anonymous Coward
    Alert

    Didn't take long!

    Didn't take long - someone in Walthamstow has now registered mildenhall.us. Nothing worth looking at there but I'd recommend caution if you are tempted to take a look, definitely NSFW!

  50. Anonymous Coward
    Anonymous Coward

    But didn't

    the people who were supposed to be receiving these mails ever notice that they weren't getting e.g. the expected flight plan for Air Force 1? Or were the senders sending out to a nice long list of possibly incorrect addresses?

  51. Vladimir Plouzhnikov

    They gave his email address to spammers???

    Bastards. He should have just forwarded all emails straight to Al Qaeda. That would have tought them...

  52. Anonymous Coward
    Anonymous Coward

    @@Guilty of receiving mail not addressed to him?

    > I have mine to send a standard "non-existant address" bounce to any

    > email to my domain to a non-recognized username.

    But the address that you're sending this bounce back to is almost certainly forged by the spammer, so your messages just fill up some other victim's mailbox. It's called "backscatter spam".

    Best practice is to refuse to accept mis-addressed messages, rather than to bounce them.

  53. Nick Healey

    Glass houses, you guys - it's not just the military

    Shortly after I left Symbian in 99, to start up as in independent designer, I registered "symbain.com", after I mistyped an email and it bounced back.

    I hasten to add this is all above board, as I use it to show people - the people who make this very typing mistake - that without user-centred design their security technology doesn't work: a little user-centred design and you just accept that on occasion we'll find ourselves unable or unwilling to encrypt everything, and on occasion we'll make addressing errors too. So email software ought to watch out for addressing errors - they're generally trivial to catch.

    Anyway: emails still come in to "symbain.com" every day, and the commonest are from you techies, debating bugs and specs between Symbian and partner companies.

    To me, though, it's just inevitable human nature, and it's the designers of the email programs who are at fault for such emails getting through.

  54. Anonymous Coward
    Go

    Would this be some kind of defence for Gary McKinnon?

    I'm a bit ambivalent about what he did (flying saucers indeed! Pah, doesn't he know by now that the Greys all teleport direct from the 8th dimension?), but it might knock a hole in the rather superior attitude of the prosecution claiming all that $ damage when he points out they just send the stuff around willy-nilly.

    If he does end up taking an unwanted holiday (for him, lets remember that many people literally die trying to get there as its better than home) in the US, it would be quite a laugh if a US jury found him not guilty and sent a strong message to the mil/gov IT staff that they really should up their game. After all its (hopefully) our security that they are looking after.

    No black helicopters here please. The landing pad is full already....

  55. Nick

    Re: Guilty of receiving mail not addressed to him?

    AC wrote:

    "I, for one, suck in any e-mail addressed to nonexistent addresses on my domain, no bounces here, no sir. Though it doesn't get read, it just gets piped to /bin/true. You wouldn't believe the number of imaginary addresses spammers try, either."

    Are they spam to imaginary addresses at your domain or are they bounces which used imaginary addresses from your domain in the From: field. I had lots of trouble with the latter because:

    A spambot opened an smtp connection to my domain, sent a "RCPT TO:" for a random address, got a "250 OK" back and then broke the connection.

    It then knew that all addresses at the domain are valid and wouldn't raise any flags with anti-spam.

    Spambot then sent out thousands of spam emails using fake names at my domain, most of which bounced and ended up in my inbox.

    If you're eating all your mis-directed mail then spammers may use your domain name to send spam. I doubt it will cause you any problems but I was worried about ending up on spam blacklists.

  56. Dave
    Alien

    Incompetence

    This is on the same scale of incompetence that allowed 'hacker' Gary Mckinnon to gain access to US military systems. I used the term 'hacker' in inverted commas because what he actually did was log into systems with either default or blank (that's right - blank) passwords.

    Technically, the owner of mildenhall.com is now in posession of information not intended for his consumption, I wonder if these emails carried the usual disclaimers telling the unintended recipient to discard the email if received?

    Nah, don't be stupid ;-)

    ET is involved here somewhere, or so Mr Mckinnon would have us believe.

  57. Anonymous Coward
    Boffin

    Advanced e-mail

    @Anonymous Coward

    "Why didn't the guy just configure the site's mail server to reject any emails that weren't for the addresses he actually used? The only reason I can think of is that he *wanted* to carry on receiving all that stuff."

    You must be American, judging by your limited imagination and ‘whenever we make a mistake, it’s really because someone asked for it’ attitude.

    I have the same setup as this guy: I have a mail server setup that allows me receive every mail sent to @mydomain.dom

    Why? Because, when I register at a website, I can use a different e-mail address for each website (without the need for actually setting up a new e-mail address on my mail server).

    Thus, on The Reg, I use the e-mail addy; www.theregister.co.uk@mydomain.dom, on Digg I use www.digg.com@mydomain.dom and so on.

    If someone sells my e-mail address to a Spammer, I can block that address on the server, and I can see who didn't live up to their "we will never sell your address..." OR has a security leak. And report it.

    Sure, I get a little spam send to random e-mail addresses @mydomain.dom, but less than you might expect (thanks in part to my spam filter), especially compared to email-addresses I've used on sites using the method mentioned above.

    Works great. And it’s my domain, so I can do whatever I damn well please with it.

    And no, it doesn't mean, I *want* your military secrets.

  58. Karl Lattimer

    worrying

    Korea owns GCHQ.com... Oh dear, Oh very fucking dear...

    Chances are the REAL GCHQ haven't noticed

  59. Dr. Mouse Silver badge

    LOL

    OK, this is a standard case of PEBKAC. The sort of thing I get all the time at work. In fact, so often that my users actualy know what PEBKAC means.

    1) The users in question obviously had no brains if they can't even remember an email address.

    2) The admins were idiots as, as soon as this started to happen, they could easily have blocked the domain and bounced the emails informing the sender of the correct domain to use.

    3) The guy in question INFORMED them of their mistake. He is certainly not the only person to use a catch-all address. I know I do with my personal domain. I have my regular email addresses, several auto-responder and/or automaticaly processed addresses, plus a catch all just in case someone misspells my name. I trawl that once a week or so, just in case.

    4) The flight plan of air force 1 was sent in a cleartext external email?!?! Do these guys klnow nothing.... oh, shit, forgot they are Yanks :P

  60. Jon

    mildenhall.us

    Theres no point with mildenhall.us as obviously they just add .com. What you need are the names of other bases with .com eg briezenorton.com. is that available?

  61. David Gosnell

    Re: Misdirection

    > Would it have hurt them so much to reward me with a freebie flight?

    What, and risk ending up somewhere like Beirut instead of Barbados?

  62. Peter Campbell-Banks
    Unhappy

    The UK-US 'Special Relationship'!!!

    What chance do we have, with 'friends' like these.

    No wonder the government is going crazy about 'terorist threats'.

    It is right on their doorstep, but guess what, nobody can see it.

    Either that or they cannot be arsed to do anything about it.

  63. JPatrick
    Black Helicopters

    "Special Relationship"

    Couldn't he have auto-forwarded these emails to GCHQ or SIS? Afterall it's not like the Americans don't tell us everything anyway, so they wouldn't mind..... now how do I post this anonymously?

  64. Anonymous Coward
    Anonymous Coward

    Not just the USAF

    Before we all get carried away with the 'stupid septics' line - not many years ago I ran telecoms for a large business located near RAF Strike Command. We had a range of phone numbers, some of which were not dissimilar to those used by the RAF. Did we use to receive calls saying: "can I speak to Lt xxx?" - yes we did. But my personal fax number was just a transposed digit away from a fax machine at the RAF. More than once I received a fax detailing flight plans for military operations. I would reply with a polite message indicating that they might well have sent this info to the wrong recipient.

    Regarding the current furore, I believe that it's not possible to send emails from within a 'Classified' system to a non-classified email address (Chapter 1 of Security for Dummies). This would lead to the surprising conclusion that the flight plans of Air Force 1 are not considered secret. But since the Washington press corps are usually briefed on such travel plans in advance, maybe they're not classified after all.

  65. Jamie
    Linux

    Wikileak

    This is what this site was created for. Make all the documentation public, which will piss off a lot of big wigs and possibly cause the Senate or Congress to light a fire under some of these boobs to fix this.

  66. Kwac
    Thumb Down

    @Bruce Sinton

    "As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President."

    No, he didn't say that despite what the "Communist News Network" told you.

    What are your motives for perpetuating the lie?.

  67. amanfromMars Silver badge
    Alien

    The Problem sits at the Top.

    "it would be quite a laugh if a US jury found him not guilty and sent a strong message to the mil/gov IT staff that they really should up their game. After all its (hopefully) our security that they are looking after."

    AC, why wait whenever IT is so bad ...... Mil/Gov IT, up your game and change your game would assist you. The world and his dog have moved on from Sticks and Stones and uniformed dysfunctional men planning Wars in Dumb Assed Games.

    info@gchq.com .... "Korea owns GCHQ.com... Oh dear, Oh very fucking dear...Chances are the REAL GCHQ haven't noticed" ... By Karl Lattimer

    Posted Tuesday 4th March 2008 10:14 GMT

    Nothing to worry about, Karl? That would Seoul Korea and not Pyongyang Korea so presumably the REAL GCHQ would know more than enough or would like to give the impression that they know more than enough. An easy enough trick perpetrated by Silence lest their Response is Meticulously MetaData Analysed making them effectively Prisoners in their Own Minds and not Fit for Any Constructive Purpose.

  68. Anonymous Coward
    Anonymous Coward

    Just Publish Everything

    Why not just publish all the information that he got on that website.

    It isn't like the Americans could possibly complain that putting the lives of their military and rulers at risk is irresponsible and therefore shouldn't be done.

    After all it was those idiots who gave the precedent.

  69. amanfromMars Silver badge
    Thumb Down

    And if you don't need any money for Intel ...here's a cushy job ... for they aint paying.

    "Sec. 3. Establishment of the President's Intelligence

    Advisory Board. (a) There is hereby established, within

    the Executive Office of the President and exclusively

    to advise and assist the President as set forth in this

    order, the President's Intelligence Advisory Board

    (PIAB).

    (b) The PIAB shall consist of not more than 16 members

    appointed by the President from among individuals who

    are not employed by the Federal Government.

    (c) The President shall designate a Chair from among

    the members of the PIAB, who shall convene and preside

    at meetings of the PIAB, determine its agenda, and

    direct its work.

    (d) Members of the PIAB and the Intelligence Oversight

    Board (IOB) established in section 5 of this order:

    (i) shall serve without any compensation for their work

    on the PIAB or the IOB; and .... " ...... By Presidential Executive Order ... http://cryptome.org/eo13462.htm

    Should somebody tell George ...... Pay Peanuts, Get Monkeys?

  70. Mark
    Alert

    The guy could have helped himself

    Seems the admin at mildenhall.com could have helped himself with a more friendly and informative email. His message "xxx@domain.com is using an incorrect email address you must have supplied yourself. Get it fixed NOW!" is a bit terse.

    If he had pointed out the likely correct domain, offered instructions on how to go about correcting their error and pointed out that the incorrectly addressed email was never going to reach the intended address he may have increased his quality time.

    Still no excuse for the barage of abuse he got - more here http://web.archive.org/web/20070328175245/http://www.mildenhall.com/

  71. TrishaD

    @Kwac

    "As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President."

    No, he didn't say that despite what the "Communist News Network" told you.

    What are your motives for perpetuating the lie?.'

    I believe that its called humour, dear heart........

  72. Anonymous Coward
    Anonymous Coward

    Mildenhall

    Typical! Althought they hijacked the internet the Yanks are never wrong(?) except when they are wrong. I have long outdated experience of working with them in the 1960s and it was exactly the same then within the Air Traffic Service in the military organisation. We had all sorts of problems with them sending, duplicating and overwhelming us with information which was of little or no use as by the time it arrived the information was outdated. Glad to see that the status quo has been mamtained for the last 45 years.

  73. Anonymous Coward
    Happy

    Yew Gonna Go ta GITMO, Boah

    Rather than:

    A) Admit Error (VERY un-American. Only Commies make mistakes);

    B) Fix the Problem (Did he say "Over a DECADE"?); or

    C) Discipline the SHITS who sent his email to spammers for DOING THEM A FAVOR;

    They'll probably offer him an orange jumpsuit, a dog collar and black hood.

    A CIA flight will be landing at the airfield any minute...

    Have a nice day!

  74. David Cornes
    Black Helicopters

    Military intelligence?

    There's unsurprisingly already 70+ comments on this, all I'm gonig to add is that any prick who's sending confidential and/or classified information via EMAIL deserves to be court-marshalled and banged up for a long time!

  75. Nux Vomica
    Coat

    Not sure we would have responded much better over here.......

    A couple of years back I stumbled across a website called kno3.com, which seemed to sell a suspiciously large number of explosive precursors in suspiciously small quantities, as well as a number of other interestingly dangerous substances. DMSO can be used with a wide range of poisons for instance and I can't think of a legitimate use for 5 metre lengths of plastic igniter cord. (Fun -yes, legit - no. I had an excitingly unsupervised childhood!)

    Look it up on the Wayback Machine

    http://web.archive.org/web/20060104051430/http://www.kno3.com/

    Anyway, I tried reporting this to several different law enforcement agencies over about 3 months, but the site stayed up for well over a year, leading me to believe that it was either a honey trap, or more likely another indicator of just how much bollocks is reported in the media about the terrorist threat. Ill informed speculation being much more fun than dull fact, it seemed that a dreamed up device like a dirty bomb was more threatening than conventional explosives being openly offered for sale.

    Mines the one without arm holes.

  76. Astarte

    A Proactive alternative solution . . . .

    . . . . to losing discs or having laptops stolen or lost. At least the US are ahead this time!

  77. Frank Bough
    Alert

    How Big?

    ""I was being sent everything from banal chat and jokes, to videos up to 15mb in size," Gary Sinnott, owner of mildenhall.com, said"

    Wow, 15 millibits IS pretty large for a video, the strain must've been tremendous.

  78. Anonymous Coward
    Paris Hilton

    It happens

    When I was working at XXX I got a invitation to a dinner event that included the PM. The invitation was for a more well known name-sake and I informed he sender about it straight away, too wich the sender said you sound a fine chap, your welcome to attend if you like.

    Well not as comparable given me drawing this to the senders attention didn;t result in spam in any way, but we are a ocean apart in many area's.

    For the record I declined the kind offer as pengiun suits wasn't my style and I'm not a big social event type at all.

    That said I did also a couple of years later just before y2k recieve a rather interesting FAX from the USA, again for my name sake. Now that was sensitive then IMHO so I'll carry that to the grave. But it was personaly brought to the attention of the reciepiant about the senders error so i might of got spammed had I been more open about it I guess :).

    But bottom line any form of automation or indeed automated form of aiding or assistance can only experdite human error.

    Remember in the old days of IT you had DDE were two typists would type in YOUR CODE :), and any differences were flagged for a 3rd typist to action.

    I dont see Double Data Entry being used much thesedays, even the banks dont. This meant computer problems pre 1984 were actualy computer problems and post 1984 and most likely human error, go figure.

  79. Tom Kelsall

    Surely...

    Call me an uninitiated fool... but surely even encryption would not have helped here?? If the mail was sent to dave.smith@mildenhall.com and Gary (bless him) bought a certificate in that name then he could exchange keys and read email sent to that address... if he wasn't the honest Injun he could make a FORTUNE selling said info and say nothing to anyone...

    Just a thought.

  80. amanfromMars Silver badge
    Alien

    Back to the Future .... :-)

    "There's unsurprisingly already 70+ comments on this, all I'm gonig to add is that any prick who's sending confidential and/or classified information via EMAIL deserves to be court-marshalled and banged up for a long time!" .... By David Cornes Posted Tuesday 4th March 2008 13:14 GMT

    What would you do, David, re-enlist the Pigeon Post or Pidgin Posts?

  81. MS
    Flame

    Streisand effect?

    He should have just posted all the emails he received as a torrent on the pirate bay.

    THAT would have gotten the problem fixed pretty quick.

  82. Madeye
    Pirate

    An eye for an eye

    Well, I'd hate to be the one to start anything, but has anyone actually asked USAF why they haven't sorted it out yet ... ?

    http://www.mildenhall.af.mil/main/contactus.asp

  83. Anonymous Coward
    Anonymous Coward

    confusing article

    It would have been insightful for the article to note that there is a RAF base at Mildenhall and also that the USAF has a presence there... I was initially confused after reading the article...

    and yes... I'm a yank, but apparently not as widely versed in the locations of our military as Dan is...

  84. Anonymous Coward
    Anonymous Coward

    Applicable US law...

    Sending classified information ANYWHERE via e-mail, whether encrypted or not, is flat-out illegal. Sending it out-of-country also violates ITAR, for a separate jail term.

    So, the really nasty (and effective) thing for the unfortunate Mildenhall bloke to do is to forward all such e-mail to the attention of the security officer at the Air Force base in question. If that hasn't caused a response within a week (and believe me, you'll KNOW when you get a responsible reply), then just add the Air Force Inspector General to the CC list. Stir and enjoy...

  85. John Macintyre

    @Tom Kelsall

    To some degree that's not the case, the assumption is some form of encryption such as pgp (bit shit for military) or a higher military-grade method would mean the file would need an actual key, and the knowledge of what encryption technique was being used. of course that's not to say our wonderfully smart friends across the ocean wouldn't send a follow-up email with these details, or if a simple email back would result in this info being happily provided by the technically retarded sender...

  86. Anonymous Coward
    Stop

    Come on, think for @#$% sake

    First of all, I can't see the military sending his site to spammers, (though there are some people that might, most of them would be grateful to know what is going on.) More than likely, this story hit the Internet waves and the spam bots picked it up.

    As for stupid people in the military, I wish they would figure out how to find some-one's address in the global directories or wherever they are looking. Being tech savvy, I was one of the first to get an army email address. There are over 20+ people in the army / DOD network with my same name. (Who would have thought?) They addresses use a standard naming convention, and with mine being the first, I am at the top of the list. Whenever anyone wants to email their buddy, John Doe, they automatically assume his address is mine. They don't even think of jd1 or jmd or asking what it is.

    I've received school confirmations, travel requests, housing confirmations, NCO & Officer Evaluations (NCOER & OER) reports, battle plans, meant for everyone from CW4s, Colonels, DOD contractors and the like. One time I even received a condolence for someone in another unit dieing. Sometimes I do a search on the Global Address book and forward it to the right person, CCing the original sender. Usually I just send a nice note back saying that I am not the person they are looking for. Usually I will get a thank you, and that is that.

    The biggest problem is that most of our brass are not technically inclined. Oh well, hopefully that means they know what they are doing on the battlefield instead. One can only hope.

  87. Daniel B.
    Alert

    Hm... nice...

    ... and me thinking that was the whole idea behind NIPRNet and SIPRNet:

    http://en.wikipedia.org/wiki/SIPRNET

    to have all "sensitive" traffic go through the secure, encrypted, physically separated from the rest network. (the concept someone above pointed out as the "green" and "red" network.) And even *if* you have to send stuff over the not-so-secure network, there's a metric ton of crypto software/hardware in the military for that.

    Stuff like this makes me think that if the internet had existed back in WW2, GCHQ would have been out of a job, as anyone setting up a *@luftwaffe.com or *@kriegsmarine.com addy would have got more info than anyone else...

  88. I.M.Fantom
    Gates Halo

    Register *.mil as *.com ?

    This means that Al Quada should register any *.af.mil type of addresses as *.com to receive future plans of the USA?

  89. Stuart
    Heart

    @AC RE:@Stuart

    Hey Mr AC, sir, this may be the first/last/blocked by moderator apology ever posted, delete as aplicable, well that I've seen anyway. My we are a feisty bunch, and I plead guilty that my 1st post, although in moderate good humo(u)r, was a bit of an unwarranted dig especially as most people had already sunk your mailserver configuration idea. Plus in my defence you never mentioned To: or From: in your original post; although I do concede that "for" could be stretched into an inference. I do apologize; I had my don't open mail from people you don't know, antivirus, head stuck on but even a mistake in the To: field could be valid as hefen fourbid:-) mispellinks haf bin noen to happen. Yes I know, I know, it's possible but I'd hate to create a custom filter to handle every possible/plausible/omitted/adjacent character misspelling of any name.

    So, yes I'm a doofus, doofus, doofus. Anyways you should go check out the archive (address is in someones post above) as some of the belligerent yank replies, to being kindly informed that they're stupid for mailing to the wrong address, has entailed some of the most disgusting, island bashing, racist rhetoric possible. Such that, I now think us registeronians engage in the most genteel, polite, back-slapping discourse possible. 'Now would someone kindly pass the tea and one of those petite crumpets, please'

    Kindest Regards to all Stu

  90. Anonymous Coward
    Black Helicopters

    *blinks*

    Having worked for companies that are involved in defence and hence using networks that had restricted data on them, I have to wonder how they were able to send classified information via unclassified email. I'm not sure what the actually policy is for the US, but for the UK you *can* send UNCLASSIFIED email from a RESTRICTED network (but no higher) providing that you ackowledge that it is UNCLASSIFIED and then it would have to pass through a filter looking for various keywords, which if they were found would flag the email for manual inspection. If it was something innocent the email would be sent, otherwise it would be rejected and you would get a slapped wrist, the severity of the breach would dictate the size of the slap. You could try and circumvent the filter if you really wanted to, but obviously that would be a bigger slap, possibly dismissal. Anyway, I would expect the US to have a similar system.

    So what is going on here? The options that I can see are:

    1) None of the email information is actually CLASSIFIED or higher and there is no security issue, but still the issue of sending sensitive info to the wrong email address

    2) There is something wrong with the network setup if it allows users to send CLASSIFIED information via UNCLASSIFIED email, which sounds like a network admin issue.

    3) The users are sneakernetting the information from a CLASSIFIED network to an UNCLASSIFIED network to circumvent network security.

    Frankly none of the options make the US military look good.

  91. Steve Liddle
    Black Helicopters

    kno3 site owners in trouble, someone reported them...

    www.kno3.com details the extradition of the legal owners of the company running a legal registered specialist chemical company to the UsA on terrorism charges, makes for interesting reading.

    The mildenhall site I did read a while back, might even have saved what was on the site to disk, but nothing fancy and nothing bad, just a bunch of yanks posing with some rather specialist kit...

  92. teknickle
    Linux

    Gore used the term 'created'..take a listen

    "As the internet was invented by a Democrat, Mr.A. Gore , maybe it was left unsafe just to trap the simple Republican President."

    No, he didn't say that despite what the "Communist News Network" told you.

    What are your motives for perpetuating the lie?.'

    What lie?

    Who the hell said this then?

    http://www.hotchicksdrooling.com/algore_internet_inventor.mp3

    Maybe YOU should stop apologizing for a puppet.

  93. Pierre Silver badge
    Paris Hilton

    U-s-Born Lusers

    That shows how much the US military actually fear terrorism. Good enough to force privacy invasion, war and huge military bills upon citizens (and other countries), but not something to be actually afraid of...

    But Under Black Leaves shines the Uncomparable Bright Light and Ultimate Bearers of Lances who are Used to Batter Lamerica and will hopefully get us rid of Greasy Weasels and Badgers by a flight on The Winged Avenger, and all that Commonly Insane Argument, Not Safe Altogether crap.

    Now I hesitate. Black copters or amanfromMars icon?

    I'll go for the head of (military?) suckage instead (bad puns intended).

  94. Wolf
    Unhappy

    Been there, experienced that

    I had the same desaster with the adress wdr.org that had been given up by Swiss bank Warburg Dillon Read (now UBS) in the 90th when they got wdr.com, which had been given up by Westdeutscher Rundfunk Köln (German TV)

    Every day I got hundreds of porn newsletters, baby pictures, copied computer games ("as this will be illegal soon, I'll send you all my expensive software now!"), movies - and secret stuff of the U.S. police in Chicago about how to get around the people trying to disturb the G7 meeting. The most funny one was a mail of a young guy in India asking his mother to clean up his room as his GF was coming over the next day - and then next day complaining that mom had not done what he had asked for!

    At the beginning I told people they were wrong, and the reaction was like it is described here: Ignorance, aggression, and things like "you are a criminal, you are a hacker, I will complain at the IT boss" - and five minutes later an email to postmaster@wdr.org asking to fire this individial that is reading the emails...

    The problem was, I only had webspace, it was not my server. That was already expensive enough in those days. So I could not do anything about the mail setup. That hoster was not able to send back mail to non existing addresses. Which made things worse when someone started spamming with faked addresses.

    And I only had a modem - that was long before DSL.

    So those 20 MB each and every day were really annoying!

    Could not get worse? It did. In 2000 Westdeutscher Rundfunk Köln decided they wanted those domains back. So they sued the bank and me over a sum of 500.000.- . Even the bank gave up.

    When I told them my whole email was running over those accounts and I did not want my private stuff on TV, they should at least give me 14 days, they said "to prove that we are not in bed with you we need to have your email!" and sent a cease-and-decist letter to hand over everything within 51 hours. Then they lied to Network Solutions and Deutsche Telekom, said they had bought the domain, to steal it before I could download my mail (I was in the middle of moving from one end of Germany to the other in those days).

    Later conversation went even further down the belt, when they said, it is my private problem if I use email for private or even intimate topics, as it is a broadcast medium (yes, you have to pay a TV fee for email in Germany by now!).

    As a journalist people have to be able to send me information without it being stolen, but I cannot afford it, still paying the depts they caused me in 2000.

    So yes, there are people that are too stupid to realize they are sending mails to the wrong person. But there are also people that want to steal email on intention. And the German authorities appreciate this. The Cologne authorities (Staatsanwalt) made a decision, that hijacking and deleting other people's email is legal, as email is not a real thing like a letter on paper. Great! So phishing is legal too, as nobody robs real paper money, eh?

    Some people here are quite upset about the activities of state official Wolfgang Schäuble, trying to put trojans on your PC to supervise you. But I don't worry about the police invading my privacy, when public TV already insists on the right to steal my email and broadcast them on TV or put them online to harass me and my family.

    See http://www.dl2mcd.de/domaine.html

    Some years ago someone said to me, people need 20 years to understand how the internet works. By now I think they will never do so.

  95. amanfromMars Silver badge
    Alien

    AI NeuReal Command ...... in Commend 42 Control Protocols*

    "So, the really nasty (and effective) thing for the unfortunate Mildenhall bloke to do is to forward all such e-mail to the attention of the security officer at the Air Force base in question. If that hasn't caused a response within a week (and believe me, you'll KNOW when you get a responsible reply), then just add the Air Force Inspector General to the CC list. Stir and enjoy..." ... By Anonymous Coward Posted Tuesday 4th March 2008 17:33 GMT

    I wish you luck in finding their e-mail addresses, AC. :-) They aint really interested in listening so it is normal for them to hide themselves away in the shadows to be able to plead Ignorance rather than be seen as Arrogant whenever the Audits on Performance start Probing.

    Eventually one starts to Realise that their Control of the Situation is a Myth and they are Vulnerable to Exploitation, which is Best Beta Circumvented by Considering any of their Prospective Input Probably best Classified as Irrelevant and Self-Serving anyway, and just re-invent the Service they should be providing elsewhere under Beta Controls.

    *..... For Real High Flyers ....... ARGonauts. ...... into Fleet AIR&dD Arms Patrolling ITs ControlLed Spaces.

  96. Anonymous Coward
    Coat

    Re: Bush's Schedule

    He should have sent replies to those emails he received saying something like:

    ---

    Sorry guys, we've had to change the schedule for POTUS. It's now lap dance club @ 10.30, presidential debate @ 12.15, pre school english lesson @ 12:20 to 18:30. Let's hope he learns something this time ay. Ooh-rah.

    Regards

    Mr I. Diot

    Head of Top Secret US Operations

    > From: idiot@usa-top-secret-government-agency.cia

    > To: possible-t3rrorist-who-knows@mildenhall.com

    > CC: "Big List of Friends and Family"

    > Subject: Bush's Schedule

    >

    > Bush's schedule for the day is as follows:

    > ... <snip>

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019