
Anonymous FTP sites leave military secrets naked online

Written by Richard Koman, Contributor

According to the Associated Press, military information that would pose a threat to U.S. troops if it were to fall into enemy hands is freely available over the Internet.

Among the sensitive information mistakenly posted online: Detailed schematics of a military detainee-holding facility in southern Iraq, geographical surveys and aerial photographs of two military airfields outside Baghdad, and plans for a new fuel farm at Bagram Air Base in Afghanistan.

The AP found dozens of documents that military officials refused to release when asked directly, citing troop security. In response to the AP's inquiry, the Army Corps of Engineers changed its policies for storing sensitive material online, but a week after the policy change, the AP downloaded 61 pages of photos, graphics and charts mapping out the security features at Tallil Air Base, directly from the agency's own server.

"That security fence guards our lives," said Lisa Coghlan, a spokeswoman for the Corps of Engineers in Iraq, who is based at Tallil. "Those drawings should not have been released. I hope to God this is the last document that will be released from us."

Other contractors and government agencies have since learned that sensitive information such as maps, charts, surveys and building information is accessible from the Internet, and this is prompting wholesale changes.

For example, Benham Companies LLC is securing its site after learning it had inadvertently posted detailed maps of buildings and infrastructure at Fort Sill, Okla. "Now, everything will be protected," said Steve Tompkins, a spokesman for Oklahoma City-based Benham.

How does this happen? Apparently, the government and companies have been posting sensitive documents on anonymous FTP servers under the mistaken theory of security by obscurity. Military contractor SRA International found out the hard way and has all but shut down its public FTP server. There is but one file remaining on that server:

"In order to mitigate the risk of SRA or client proprietary information being inadvertently made available to the public, the SRA anonymous ftp server has been shutdown indefinitely. In the coming months, a new secure ftp site will be introduced that will replace the functionality of this site."

All contractors and government agencies contacted by AP have either shut down their FTP sites, secured them with a password or pledged to install other safeguards to ensure the documents are no longer accessible.

"We saw that there have been instances where some documents have been placed on FTP sites, and they haven't had any safeguarding mechanisms for them," said Army Corps spokeswoman Joan Kibler. "We've determined that those documents need to be safeguarded, so we've amended our practices here to require that any of those types of documents have restricted access when they're placed on FTP sites."
