NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0252 Sensitive Military Documents Left Unprotected on Web Servers:
A press report claims that sensitive US military documents are being posted carelessly to file servers by government agencies and contractors, making those documents accessbile to anyone with an internet connection. The Associated Press (AP) conducted a survey of servers operated by agencies or companies involved with the military and the wars in Iraq and Afgahnistan and found dozens of documents that officials refused to release when asked directly, due to reasons of troop security.
As examples, the report indicates that documents including detailed schematics of a military detainee facility in southern Iraq, geographical surveys, and aerial photographs of two military airfields outside Baghdad and plans for a new fuel farm at Bagram Air Base in Afghanistan were all available over the internet.
In all cases, the sensitive material became available when it was placed on File Transfer Protocol (FTP) servers connected to the internet. FTP is a simple, efficient, and low-cost way to make files available on a network and remains very popular despite being a relatively old technology. In many cases, inexperienced or careless users do not employ proper security protections on these servers because they believe the general public cannot find the servers in order to access them. According to AP's survey, several of the agencies and contractors that had acciddntally been sharing sensitive documents indicated that the documents had been posted online primarily so that they could easily be shared among colleagues.
The AP's survey reportedly led the Army Corps of Engineers to immediately ask all its contractors to put sensitive material available via FTP under password protection. Moreover, all the agencies and contractors contacted by the AP as a result of the survey have either shut down their FTP sites, secured them with a password, or pledged to install other safeguards to ensure such material is no longer accessible.
(Dow Jones International News 11JUL07)