Military insecurity

How a small English town ended up with the flight plans for Air Force One

The Internet is just shy of its 20th commercial birthday. Given that, and the fact that the Internet is based on technologies that are open, well-documented, and well-understood, you'd think that all serious enterprises that connect their e-mail systems to the Internet would be capable of ensuring their security and protecting their assets.

When I write "serious enterprises" I'm thinking about really big ones like, oh, say, the United States Air Force. The USAF is responsible for the safety of millions of people, including the president when he's jetting around on Air Force One, and has a budget of billions of dollars to do the job.

The following might seem like a bit of a digression, but stick with me, we'll join up the bits in a moment.

There is a town over in Jolly Old England called Mildenhall in the delightful county of Suffolk where once upon a time (actually March 1997) a gentleman by the name of Gary Sinnott decided that his town needed a Web site.

Sinnott created a very nice site that included a diary and local news, pictures of the town and area, the area's history, and so on. All was well in this webified corner of that green and pleasant land until around 2000 when mildenhall.com started getting a lot of incorrectly addressed e-mail.

If you take the A101 north out of Mildenhall and drive for roughly 5 kilometers (they are, after all, Europeans) you will arrive at the gates of Mildenhall Air Force Base which is shared by both the United Kingdom (it's actually RAF Mildenhall) and the USAF.

Now, when you connect naive users to the Internet and let them use e-mail, what mistake do they pretty much always make? Yep, they assume that every destination is in the .com domain. Thus it was that people both inside and outside the military started sending messages to mildenhall.com rather than mildenhall.af.mil.
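A sender-side check for the mistake described above, as an added example that is not part of the original column: it flags outbound recipients whose domain reuses the leading label of the organisation's real domain under a different suffix. The function name, the sample headers and the local parts of the addresses are assumptions constructed for illustration; only the two domains come from the article.

```python
from email.utils import getaddresses

# The organisation's real mail domain, as named in the article.
ORG_DOMAINS = {"mildenhall.af.mil"}

# Constructed sample To/Cc header values (not real traffic).
SAMPLE_HEADERS = [
    "Ops Desk <ops@mildenhall.com>, planner@mildenhall.af.mil",
    "friend@example.org, crew@mail.mildenhall.com",
]


def lookalike_recipients(header_values, org_domains=ORG_DOMAINS):
    """Return (address, intended_domain) pairs for recipients that are
    outside the organisation's domains but reuse its leading label,
    e.g. mildenhall.com instead of mildenhall.af.mil."""
    org = {d.lower() for d in org_domains}
    # Leading label -> real domain: "mildenhall" -> "mildenhall.af.mil"
    by_label = {d.split(".")[0]: d for d in org}
    flagged = []
    for _name, addr in getaddresses(header_values):
        local, sep, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        if not sep or not local:
            continue  # unparseable or empty address
        # Correctly addressed: the real domain or one of its subdomains.
        if domain in org or any(domain.endswith("." + d) for d in org):
            continue
        for label in domain.split("."):
            if label in by_label:
                flagged.append((addr, by_label[label]))
                break
    return flagged


if __name__ == "__main__":
    for addr, intended in lookalike_recipients(SAMPLE_HEADERS):
        print(f"hold for review: {addr} (did the sender mean @{intended}?)")
```

A mail gateway could hold flagged messages for confirmation before they leave the organisation, which addresses the leak at the sending side rather than at the recipient's server.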

Two problems came of this. First, the sheer volume of e-mail overwhelmed Sinnott and his server, and second, much of the content was nothing he ever wanted to see. This included (these are Sinnott's words): "SPAM. Loads of it! Military data -- some very interesting. Personal information -- some very personal. Some of the worst multimedia clips I've ever seen or heard. [And] interesting insights into what some Americans consider to be pornographic."

But the most interesting stuff in this motley collection was military data, which included -- and I am not making this up -- classified battlefield strategies as well as the flight plans for Air Force One!

When Sinnott told the US military about the misaddressed messages back in the early 'Oughts they were somewhat disinterested and carried on being disinterested for several years. According to The Register, "Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base."

This, of course, would not solve either Sinnott's problems or those of the military.

Eventually Sinnott did follow one piece of the USAF's otherwise rather useless advice -- "Get rid of the domain." Sinnott killed off his Web site (you can see his final posting via the Wayback Machine).

This was a spectacular example of incompetence and complacency on the part of US military security and all the more worrying considering the amount of money and effort we're told is being put into national defense. I wonder how many more years will have to pass before military security is at least as good as the average enterprise?

Gibbs is secure in Ventura, Calif. Lock down your response at backspin@gibbs.com.


Mark Gibbs

Network World