USAF email security SNAFU in UK (and no-shorts.ar)

It's IT Blogwatch: in which The U.S. Air Force gets caught sending classified data in unencrypted email. Not to mention how Sprite is advertised in Argentina...

Tom Chivers reports:

A tourist information website promoting a small [English] town has had to shut down after it received a barrage of thousands of classified US military emails ... Sensitive information ... swamped Gary Sinnott's email inbox after he established www.mildenhall.com, a site promoting the tiny town of Mildenhall where he lives ... Mildenhall [also] is home to a huge US Air Force base ... Mr Sinnott said: "You wouldn't believe some of the stuff that I have been receiving - I wonder if they ever had any security training ... then I began to receive military communications from all over the world - a lot containing very sensitive information. more

Emily Dennis adds:

Top secret messages that terrorists would have given their eye teeth for were being sent to his private computer - and he found it impossible to stop them. What began as a slow trickle of mundane messages soon escalated and hundreds of classified emails were sent from around the world ... Mr Sinnott, who is in his mid 40s, said that when he initially reported the problem airbase officials did not appear phased. “At first their attitude was we are not worried, we are American, our security is great ... Some were classified, some were personal. A lot had some really sensitive information in them. They were just banging in email addresses without checking”. more

Mike Masnick shudders:

Emails intended for Air Force personnel at the Mildenhall Air Force base (who uses the domain mildenhall.af.mil) were being misdirected to the owner of the .com site. We've seen similar stories of misdirected emails in the past, so perhaps this isn't a huge surprise. In fact, a similar issue may have opened up the Justice Department to one of its big scandals last year, when emails intended for addresses at whitehouse.gov were sent instead to whitehouse.org. However, the question remains why anyone is sending top secret info, such as the whereabouts of President Bush as well as battlefield strategies and passwords, over unsecured email accounts in the first place? Isn't the military supposed to keep those things off the main grid? more

Dan Goodin scoffs:

[He] received emails detailing all kinds of secret military information that were intended for official Air Force personnel ... So Sinnott pulled the plug on the website. Though he remains the owner of mildenhall.com, it may only be a matter of time before all those emails incorrectly addressed to Air Force personnel at mildenhall.com automatically begin to bounce. And that ought to make security conscious people everywhere breath a little easier. Alas, according whois records, mildenhall.net and mildenhall.org are in the hands of non-military individuals and mildenhall.us is available to anyone with $35. Given what we now know about the boobs who send confidential information, that ought to give us pause. more

GW rants:

Just who is in charge of OPSEC (Operational Security) for our military at the moment, Bozo the Clown? Our military has been transmitting unencrypted classified data ... OPSEC has been a critical component of military operations since time immemorial ... It should be encrypted. This is very basic stuff ... And to raise the level of incompetence on this one - he's been trying to get them to stop for eight years ... we are absolutely screwed. This is incompetence on a scale I would not even expect from the military of a third world banana republic. more

Bryan Mitchell offers balance, kinda-sorta:

The Air Force Office of Special Investigations ... confirmed it has been aware of the issue since February 2003, but wrote in an e-mail that Sinnott apparently has some kind of ax to grind with RAF Mildenhall ... “[We] take potential disclosures of sensitive information very seriously and investigate at the appropriate levels when issues arise, but this is not an AFOSI case,” OSI spokeswoman Linda Card wrote. more

One Anonymous Coward looks for the Paris Hilton angle:

I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms? Have they heard of Network Security? As with all secure systems, they are only as secure as the weakest link, which is usually some new and underpaid slack-jawed yokel who has no training and/or don't give a damn. Only in this case, said yokel is wearing a uniform, and probably has easy access to weapons and ammunition. more

But Nich Starling is typically British about it all:

I'm not sure if this is a worry or whether it is re-assuring to know the US is as bad at looking after its data as the UK government is. more

And finally...

• How Sprite is advertised in Argentina [reasonably safe for work, I suppose]
  

Buffer overflow:

• Mark Gibbs: Social Networking Overkill
• F-Secure: MBR Rootkit, A New Breed of Malware
• Mike Hendrickson: State of the Computer Book Market, part 3
• Ben Worthen: Will Google's Bottoms-Up Approach to Businesses Work?
• Jonathan Schwartz: The World's Largest Supercomputing Cloud
• Coding Horror: Actual Performance, Perceived Performance
• InsideMicrosoft: Free 2 Gigabyte USB Drive From Microsoft

Other Computerworld bloggers:

• Seth Weintraub: Push email on the iPhone? Howto.
• Preston Gralla: Five unanswered questions in the Vista 'junk PC' lawsuit
• Frank Hayes: Frankly Speaking: Sabotaging the Internet
• Mark Hall: Secure IP-based intersections
• Mike Elgan: Why I'm done with portable hard drives
• Douglas Schweitzer: Insecure even though PCs are secured
• Shark Tank: That'll stop 'em
• Shark Bait: CTO misses the mark

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You too can pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.

Previously in IT Blogwatch:

• Spammer jailed, 'cos spam ain't free speech (and 207 stiffs)
• Pssst! Want some hot FTP logins? (and not just a good idea)
• Microsoft 2008 launch happens, heroically (and pop babel)