[ISN] US government forces military secrets on Brit webmaster

From: InfoSec News (alerts@private)
Date: Tue Mar 04 2008 - 01:03:49 PST


http://www.theregister.co.uk/2008/03/03/mildenhall_website/

By Dan Goodin in San Francisco 
The Register
3rd March 2008

A website promoting the town of Mildenhall has been shut down after it 
unintentionally became the recipient of hundreds of classified emails, 
including messages detailing the planned flight path of President Bush.

Over more than a decade, www.mildenhall.com received emails detailing 
all kinds of secret military information that were intended for official 
Air Force personnel. One detailed where Air Force One could be found in 
the air during a planned visit to the region by President Bush. Others 
included battlefield strategy and passwords.

"I was being sent everything from banal chat and jokes, to videos up to 
15mb in size," Gary Sinnott, owner of mildenhall.com, said in this 
article in EDP 24. "Some were classified, some were personal. A lot had 
some really sensitive information in them."

As owner of mildenhall.com, Sinnott received every email that had that 
domain name included in the address field. The site was set up to 
provide information about the town of Mildenhall, which is about a 
half-hour's drive north east of Cambridge.

Sinnott says he brought the SNAFU to the attention of Air Force 
officials but was never able to get the problem fixed. At first, they 
didn't seem to take the matter seriously, but eventually, they "went 
mental," he said. Officials advised Sinnott to block unrecognizable 
addresses from his domain and set up an auto-reply reminding people of 
the address for the official air force base.

But still, the official emails continued to flow in to Sinnott's site. 
And to make matters worse, some people got angry after Sinnott told them 
they were sending email to the wrong address and gave his address to 
spammers. Sinnott was receiving 30,000 pieces of email per day, most of 
which was junk mail.

So Sinnott pulled the plug on the website. Though he remains the owner 
of mildenhall.com, it may only be a matter of time before all those 
emails incorrectly addressed to Air Force personnel at mildenhall.com 
automatically begin to bounce. And that ought to make security conscious 
people everywhere breath a little easier.

Alas, according whois records, mildenhall.net and mildenhall.org are in 
the hands of non-military individuals and mildenhall.us is available to 
anyone with $35. Given what we now know about the boobs who send 
confidential information, that ought to give us pause.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Mar 04 2008 - 02:23:42 PST