'Confidential US security documents' flaunted online

Information from the US Department of Homeland Security appears to have reached the public domain via Google's Web cache

A Web site has published what it claims are confidential documents from the US Department of Homeland Security relating to possible terrorist activity.

The information appears to have reached the public domain via Google, illustrating how the search engine can be used to uncover links to confidential information online.

ZDNet UK alerted the Department to the security breach last Wednesday after seeing the documents, which were still available on Monday. Homeland Security officials have declined to comment on the matter.

The documents contain reports of suspicious activity in the US, such as water supply tampering, an airline pilot being attacked with an axe, and bomb threats.

The documents begin:

    "WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel who do not have a valid "need-to-know" without prior approval of the Homeland Security Operations Center."

According to the Web site hosting this information, the Department of Energy accidentally published the documents online. They were then discovered by Google and added to its cache of Web content. The mistake was subsequently spotted and the documents taken down, but the Web site owners were able to use Google to find the documents in its cache, and copy and publish them.

The Web site's administrators wrote: "A person pointed out many of these [documents] plus a few others were available in Google caches. [Web site name] found numerous HTML conversions in the Google caches, although none of the original PDFs were accessible. The original Google source site, XXXXXX, appears to have been withdrawn... many of its Web offerings remain online as cached files."

Google hacking -- accessing confidential data from publicly available links on the search engine -- is set to become a big problem this year, experts have predicted. Security company CyberTrust has warned that Internet-connected devices, even Web cams, must be treated as a potential security threat.

The administrators also wrote that a person claiming to be from the Department of Energy had telephoned them, asking that the documents were removed.

"We said no," they wrote. "He said, 'I didn't think so. But the briefs are for official use only, couldn't they be removed?' We said no, the briefs provide good public information. He said, 'okay, thanks for talking to me.' A courteous Homeland Security contractor, that's good news, unlike the briefs."