Military insecurity

How a small English town ended up with the flight plans for Air Force One

The Internet is just shy of its 20th commercial birthday. Given that, and the fact that the Internet is based on technologies that are open, well-documented, and well-understood, you'd think that all serious enterprises that connect their e-mail systems to the Internet would be capable of ensuring their security and protecting their assets.

When I write "serious enterprises" I'm thinking about really big ones like, oh, say, the United States Air Force. The USAF is responsible for the safety of millions of people, including the president when he 's jetting around on Air Force One, and has a budget of billions of dollars to do the job.

The following might seem like a bit of a digression, but stick with me, we'll join up the bits in a moment.

There is a town over in Jolly Old England called Mildenhall in the delightful county of Suffolk where once upon a time (actually March 1997) a gentleman by the name of Gary Sinnott decided that his town needed a Web site.

Sinnott created a very nice site that included a diary and local news, pictures of the town and area, the area's history, and so on. All was well in this webified corner of that green and pleasant land until around 2000 when mildenhall.com started getting a lot of incorrectly addressed e-mail.

If you take the A101 north out of Mildenhall and drive for roughly 5 kilometers (they are, after all, Europeans) you will arrive at the gates of Mildenhall Air Force Base which is shared by both the United Kingdom (it's actually RAF Mildenhall) and the USAF.

Now, when you connect naive users to the Internet and let them use e-mail, what mistake do they pretty much always make? Yep, they assume that every destination is in the .com domain. Thus it was that people both inside and outside the military started sending messages to mildenhall.com rather than mildenhall.af.mil.

Two problems came of this. First, the sheer volume of e-mail overwhelmed Sinnott and his server, and second, much of the content was nothing he ever wanted to see. This included (these are Sinnott's words): "SPAM. Loads of it! Military data -- some very interesting. Personal information -- some very personal. Some of the worst multimedia clips I've ever seen or heard. [And] interesting insights into what some Americans consider to be pornographic."

But the most interesting stuff in this motley collection was military data, which included -- and I am not making this up -- classified battlefield strategies as well as the flight plans for Air Force One!

When Sinnott told the US military about the misaddressed messages back in the early 'Oughts they were somewhat disinterested and carried on being disinterested for several years. According to The Register, "Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base."

This, of course, would not solve either Sinnott's problems or those of the military.

Eventually Sinnott did follow one piece of the USAF's otherwise rather useless advice -- "Get rid of the domain." Sinnott killed off his Web site (you can see his final posting via the Wayback Machine).

This was a spectacular example of incompetence and complacency on the part of US military security and all the more worrying considering the amount of money and effort we're told is being put into national defense. I wonder how many more years will have to pass before military security is at least as good as the average enterprise?

Gibbs is secure in Ventura, Calif. Lock down your response at backspin@gibbs.com.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mark Gibbs

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?