Dozens of documents containing classified information that could affect the safety of U.S. troops in Iraq and Afghanistan have been posted on unprotected servers by military agencies and related companies, according to a survey by the Associated Press.
The AP, abetted by work done by Christopher Freeman, a Greensboro, N.C, resident who has been tracking this practice, downloaded several documents containing classified information that had been stored on FTP (file transfer protocol) servers.
Wealth of Information
These included the following, according to the AP:
- Several documents on a contractor’s server detailed a project to expand the fuel infrastructure at Bagram Air Base in Afghanistan, including a map of the entry point to be used by fuel trucks and the location of pump houses and fuel tanks.
- A document from the Army Corps of Engineers that contains 61 pages of photos, graphics and charts that map out the security features at Tallil Air Base in southeastern Iraq. It also depicts proposed upgrades to the facility’s perimeter fencing.
- Aerial surveys of military airfields near Balad and Al Asad, Iraq, on the National Geospatial-Intelligence Agency server.
- Detailed maps of buildings and infrastructure at Fort Sill, Okla., were posted on Benham Companies site.
- Material from Los Alamos National Laboratory and Sandia National Laboratories.
Most of the agencies shut down the servers in question when contacted by the AP.
It is not a surprising development.
What most likely happened, speculated Paul Moriarty, director of Internet content security for Trend Micro, is that someone needed to share large data files and they were too big to e-mail. “So they used the FTP protocol,” he told TechNewsWorld. Setting it up so it requires password protection can be tricky, but opening up for anonymous access, he said, is relatively simple.
“Maybe the person intended to take it down later but forgot,” Moriarty added.
Workers tend to take shortcuts that make their jobs easier, he also observed. “That is human nature. What they don’t realize is that there are hackers out there that are continually running scanners looking for open FTP sites.”
Over the Hump
Secure computing habits or practices do not seem to improve even as government agencies and companies become more sophisticated in their use of computers, Roger Thompson, CTO of Exploit Prevention Labs told TechNewsWorld.
“The number of users that keep increasing is one problem,” he noted. “Another problem is that computers have become so much a part of the business environment it is almost impossible to make rules for every action or scenario.”
Common sense does not always fill the gap, he added.
Out of Sight, Out of Mind
Also, end users, unless they are directly involved in IT security, do not tend to really believe the worst projections by security analysts unless they can actually see the impact first hand, David Perry, global director of education for Trend Micro, told TechNewsWorld.
“The threats they believe in are the ones they can see — the damage that spam can cause for instance,” he said, pointing to a recent study by the company found that corporate users are more concerned with spam levels than Web threats, despite spam’s decline (84 percent in 2005 and 72 percent in 2007) and a 540 percent increase in Web threats, likely due to the silent and invisible nature of new infections.
Yet employees take the security precautions about spam more seriously.
“But try telling them about need for firewall or keeping information off of unsecure severs, and they dismiss the warnings,” Perry said.