OPSEC is an important topic in DOD when discussing blogs, but what about email? Apparently not so much… from the the UK’s Telegraph:
A tourist information website promoting a small Suffolk town has had to shut down after it received a barrage of thousands of classified US military emails.
Sensitive information including future flight paths for US Presidential aircraft Air Force One, military strategy and passwords swamped Gary Sinnott’s email inbox after he established www.mildenhall.com, a site promoting the tiny town of Mildenhall where he lives, the Anglia Press Agency reports.
As well as Mr Sinnott and his neighbours, Mildenhall is home to a huge US Air Force base and its 2,500 servicemen and women, and the similarity in domain names has led to thousands of misdirected emails from Air Force personnel. Any mail sent to addresses ending @mildenhall.com would have ended up in Mr Sinnott’s mailbox.
Now military bosses have blocked all military email to the address, and persuaded him to close down his site to end the confusion. He is giving up ownership of the address next month.Mr Sinnott said: "You wouldn’t believe some of the stuff that I have been receiving – I wonder if they ever had any security training. When I told the Americans they went mental.
I got mis-sent e-mails right from the start in 2000 but even after I warned the base they just kept on coming. At one stage I was getting thousands of spam messages a week. I was getting jokes and videos and some of the material was not very nice – people were sending stuff without checking the address.
"But then I began to receive military communications from all over the world – a lot containing very sensitive information."
Is this any more humorous considering the Air Force’s blog blocking?
A while back I was following the “missing AK47s in Iraq” story on my site for and was also starting to follow the CPA Glock pistols showing up in Turkish street crime in relation to the Waxman Blackwater investigation.One morning I checked my hit counter (I’m just a speedbump on the information superhighway, really) and saw a string of about 5 pentagon.mil hits on the post. I figured it was probably some workgroup checking up on some truly awful public diplomacy problems, what with Victor Bout, Russian mobster, losing those CPA AKs after having worked so efficiently (snicker) for NATO and the Taliban in the Kosovo war).
The referring page in all but one case was the user’s own desktop. instead of seeing a string that started http://site/folder/file I saw (as example) file://filestructure/file.
The first party found my post and put it on their desktop with the SiteMeter javascript counter intact (it was NOT ‘hidden’ either!) and passed the file around.
When I looked at the referrer for those files I was looking at the file structure of the groups network.
Any organization with security that slack has no business telling ANYBODY which blogs they should or shouldn’t attend.
BTW, a rehash-after-site-crash of the AK/Glock story is here if anyone’s interested.