« So glad they're on the job to keep us *cough* safe *cough* | Main | Evil Terrorist Salad Causes Evacuation »

More stupidity brought to light in a JSQ article

Military Information Security:



bagram_overview.jpg
I suppose we shouldn't be surprised that the U.S. military
doesn't seem to be any better about information security
than

companies or

other parts of government:


Detailed schematics of a military detainee holding facility in southern
Iraq. Geographical surveys and aerial photographs of two military
airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base
in Afghanistan.


The military calls it "need-to-know" information that would pose
a direct threat to U.S. troops if it were to fall into the hands of
terrorists. It's material so sensitive that officials refused to release
the documents when asked.


But it's already out there, posted carelessly to file servers by
government agencies and contractors, accessible to anyone with an
Internet connection.



Military files left unprotected online,
By Mike Baker,
Associated Press Writer,
Thu Jul 12, 8:03 AM ET


Surely they know better than this?


Apparently some military contractors are depending on security
by obscurity:


A spokeswoman for contractor SRA International Inc., where the AP
found a document the Defense Department said could let hackers access
military computer networks, said the company wasn't concerned because
the unclassified file was on an FTP site that's not indexed by Internet
search engines.


"The only way you could find it is by an awful lot of investigation,"
said SRA spokeswoman Laura Luke.



And the AP seems to think that if it destroys the copies it picked up,
nobody else has copies:


The AP has destroyed the documents it downloaded, and all the material cited in this story is no longer available online on the sites surveyed.

Well, that's wishful thinking.


Given that much of this information
can be found in

satellite imagery originating outside the military,
and which foreign governments presumably also have,
one wonders just how sensitive some of this information
really is.
Meanwhile, the U.S. military has time

to block soldiers' access to myspace.
This makes me wonder.


What's the real point here:
actual sensitive military secrets too visible,
or Internet bad and needs suppressing?


But Mark Moss, a Charlotte-based FBI agent who focuses on online security,
said foreign intelligence agencies spend a lot of time on the Internet
because online intelligence-gathering is cheap, quick and anonymous.


"If they steal your technology through the Internet, it's overseas in
an instant," Moss said. "It's the perfect conduit."


This is like blaming the air for transmitting voice messages.
Ah, the Internet: perfect conduit for foreign intelligence agencies!
Blame the communications infrastructure for mistakes by those who
put information on it.
Then attempt to solve the problem by simply taking down the servers,
instead of finding ways to distribute it securely to those who actually
need to know.
And emphasize national intelligence agencies when the actual enemy
is mostly a variety of small self-funding non-national groups;
groups that manage to use the Internet for their own direct
and stigmergic communications and don't seem overly concerned
about leaks.
Asymmetric warfare indeed!


-jsq

Posted by mikki on July 18, 2007 12:14 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)