Military insecurity

How a small English town ended up with the flight plans for Air Force One

The Internet is just shy of its 20th commercial birthday. Given that, and the fact that the Internet is based on technologies that are open, well-documented, and well-understood, you'd think that all serious enterprises that connect their e-mail systems to the Internet would be capable of ensuring their security and protecting their assets.

When I write "serious enterprises" I'm thinking about really big ones like, oh, say, the United States Air Force. The USAF is responsible for the safety of millions of people, including the president when he's jetting around on Air Force One, and has a budget of billions of dollars to do the job.

The following might seem like a bit of a digression, but stick with me, we'll join up the bits in a moment.

There is a town over in Jolly Old England called Mildenhall in the delightful county of Suffolk where once upon a time (actually March 1997) a gentleman by the name of Gary Sinnott decided that his town needed a Web site.

Sinnott created a very nice site that included a diary and local news, pictures of the town and area, the area's history, and so on. All was well in this webified corner of that green and pleasant land until around 2000 when mildenhall.com started getting a lot of incorrectly addressed e-mail.

If you take the A101 north out of Mildenhall and drive for roughly 5 kilometers (they are, after all, Europeans) you will arrive at the gates of Mildenhall Air Force Base which is shared by both the United Kingdom (it's actually RAF Mildenhall) and the USAF.

Now, when you connect naive users to the Internet and let them use e-mail, what mistake do they pretty much always make? Yep, they assume that every destination is in the .com domain. Thus it was that people both inside and outside the military started sending messages to mildenhall.com rather than mildenhall.af.mil.

Two problems came of this. First, the sheer volume of e-mail overwhelmed Sinnott and his server, and second, much of the content was nothing he ever wanted to see. This included (these are Sinnott's words): "SPAM. Loads of it! Military data -- some very interesting. Personal information -- some very personal. Some of the worst multimedia clips I've ever seen or heard. [And] interesting insights into what some Americans consider to be pornographic."

But the most interesting stuff in this motley collection was military data, which included -- and I am not making this up -- classified battlefield strategies as well as the flight plans for Air Force One!

When Sinnott told the US military about the misaddressed messages back in the early 'Oughts they were somewhat disinterested and carried on being disinterested for several years. According to The Register, "Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base."

This, of course, would not solve either Sinnott's problems or those of the military.
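
An added example, not part of the original column: a sender-side check that an outbound mail gateway could run to hold messages addressed to a domain that resembles the organization's own, such as mildenhall.com in place of mildenhall.af.mil. The function names and the edit-distance threshold are assumptions made for illustration.

```python
from email.utils import getaddresses

ORG_DOMAIN = "mildenhall.af.mil"  # intended domain, as named in the article
MAX_TYPO_DISTANCE = 1             # assumed threshold for a "near miss" label


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain, org_domain=ORG_DOMAIN):
    """Return 'internal', 'lookalike' or 'external' for a recipient domain."""
    domain = domain.lower().rstrip(".")
    if domain == org_domain or domain.endswith("." + org_domain):
        return "internal"
    org_label = org_domain.split(".")[0]
    # Same (or nearly the same) name under a different suffix is the
    # mistake the column describes: mildenhall.com for mildenhall.af.mil.
    for label in domain.split("."):
        if edit_distance(label, org_label) <= MAX_TYPO_DISTANCE:
            return "lookalike"
    return "external"


def held_recipients(header_values, org_domain=ORG_DOMAIN):
    """Addresses from To/Cc header values that should be held for confirmation."""
    held = []
    for _name, addr in getaddresses(header_values):
        if "@" not in addr:
            continue
        if classify_domain(addr.rpartition("@")[2], org_domain) == "lookalike":
            held.append(addr)
    return held


if __name__ == "__main__":
    # Constructed sample headers, not real traffic.
    sample = ["Ops <ops@mildenhall.com>, pilot@mildenhall.af.mil", "vendor@example.org"]
    print(held_recipients(sample))
```
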

Eventually Sinnott did follow one piece of the USAF's otherwise rather useless advice -- "Get rid of the domain." Sinnott killed off his Web site (you can see his final posting via the Wayback Machine).

This was a spectacular example of incompetence and complacency on the part of US military security and all the more worrying considering the amount of money and effort we're told is being put into national defense. I wonder how many more years will have to pass before military security is at least as good as the average enterprise?

Gibbs is secure in Ventura, Calif. Lock down your response at backspin@gibbs.com.


Mark Gibbs

Network World
