And Just Why Are Military Officials Sending Top Secret Info Over Email?

from the just-wondering dept

The Register has a story about how the guy who ran the website (which promoted the village of Mildenhall in the UK) has completely shut down the website following pressure received from US officials after they discovered that emails intended for Air Force personnel at the Mildenhall Air Force base (who uses the domain were being misdirected to the owner of the .com site. We’ve seen similar stories of misdirected emails in the past, so perhaps this isn’t a huge surprise. In fact, a similar issue may have opened up the Justice Department to one of its big scandals last year, when emails intended for addresses at were sent instead to However, the question remains why anyone is sending top secret info, such as the whereabouts of President Bush as well as battlefield strategies and passwords, over unsecured email accounts in the first place? Isn’t the military supposed to keep those things off the main grid?

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “And Just Why Are Military Officials Sending Top Secret Info Over Email?”

Subscribe: RSS Leave a comment
Brian says:

How does a conversation like that really occur?

“Uh, are you the owner of Yeah… we’re gonna have to ask you to take down your site. Why? Because we employ a bunch of retards. Also, we’d like to please ask you to forget about that secret list of WoW, Second Life and Eve-Online suspected terrorists we sent you. (That bastard luvspoontang who killed my paladin is gonna pay.) Anyway, we realize that we have absolutely no right to ask this of you, but do take down your site. If you don’t, we’ll make your life hell with all kinds of costly law suits. You won’t be able to afford an Internet connection, much less run a site.”

::5 minutes of laughter:: “You’re serious? I realize that you can’t see me flipping you off through the phone, but I’m doing it anyway.” ::click::

~Brian, who loves seeing his tax dollars at work.

mobiGeek says:

Re: Re:

You drastically overestimate the intelligence of one side of that discussion.

I think it would be more like:

“You are operating specifically to confuse military personel”

“Look ol’ chap, Mildenhall is a village in the UK…”

“In addition, you are stealing secret military communications in direct violation of US and military law. The lives of Marines are at risk. MARINES!! You low-life. You won’t survive the first hour of boot camp.”

“See here my good man, I am not subject to…”

“We risk our lives to save your worthless hide, to protect your precious rights.”

“Yes, but…”

“Surrender it now!”

steve says:

Re: Wanted: IT Professionals in the Government

I think this is evidence the our government’s IT infrastructure is lacking heavily.
It doesn’t take much for information to get out so I guess that’s why we have encryption? Right?
I say hire more people that know what they are doing…
I would gladly pay taxes for that…

moe says:

Let's try reading before commenting ...

First of all, no one from the U.S. forced the website offline. The site’s operator was “forced” to shut it down due to a few factors, including an overwhelming amount of spam; he’s assuming someone sold his address to spammers, but in all reality the bots probably found it on their own. Bottom line — this was a decision he made of his own volition.

Now, to the meat of the article. Mike is right, this info is supposed to kept off the main grid. Just like everything else, once you add humans to the equation then anything can happen. What I’d like to see is the USAF request any addresses that sent classified info from the site’s owner. Then, immediately suspend those accounts, provide refresher training, and review whether or not the individuals still need access to the off-grid systems.

Enrico Suarve says:

Re: Let's try reading before commenting ...

I submit that if you are the kind of fuckwit that sends classified information unencrypted via plain text email without even checking the address first, that you are probably the same kind of fuckwit that clicks on every “yes please install malware on my machine now” button going.
Therefore I can actually see a very likely correlation indeed between numbers of moronic service men sending you mail and the corresponding amount of spam

But like you I read the article and the bit that got me was

“Sinnott says he brought the SNAFU to the attention of Air Force officials but was never able to get the problem fixed. At first, they didn’t seem to take the matter seriously, but eventually, they “went mental,” he said. Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base”

Translated: “The solution to our national security problem is for you (a foreign citizen) to do stuff for free and fix the problem for us”


So basically all the corporatly or privatly owned domain names such as should do the same thing?

That makes so much more sense than USAF applying proper security precautions and policies in their own system

I don’t know about anybody else but I’m going looking for any unused domain names that sound like US Forces bases – anyone interested in US Military secrets should contact me in a few weeks at

Just hope I get the domain names before Achmed does it himself

Roy (profile) says:

Sounds like deja vu

I got my first domain name back in 1996. It was intentionally obscure. In ’99, a company in the Beltway district opened, and noticed I had their company name .com. I got one oblique inquiry about buying it that went nowhere. They settled for instead.

Over the next 4 years, I’d get emails intended for them from people (some of them in the company in question) who forgot to type the ‘-inc’ part. I would politely return each one with a note saying “Perhaps you meant to type…” and include all the attachments I had mistakenly received. Attachments like meeting minutes, schedules and draft proposals. Eventually they contacted me and we did negotiate the sale of the name. First (and last, so far) domain name I ever sold.

Oh, the company was a computer security firm.

Hellsvilla (user link) says:

The NIPRNET is useless

Just like every other walled garden, the SIPRNET is useless, and so most users simply use the NIPRNET. Yes, they should still be encrypting classified data, but since noone has invented a truly functional certificate pair encryption system, its rather awkward and still quite difficult to use, especially with someone you’ve never corresponded with before.

As for the military’s OTHER messaging system… well… it’s freakin horrid to use, and noone would want to use that unless it an official message.

So the military has two options. Use COTS email as best as they can (and punish users when they mess up), or stick with decades old technology. Which would you decide?

Kevin says:

That's why...

That’s why it’s mandatory that all US Military forces use encrypted email solutions utilizing PKI. So when they DO manage to send and email to the wrong address it will be encrypted and unreadable. What’s that? You say that they don’t encrypt their emails? Not even the top secret emails?

Well, in that case they deserve what they get.

moe says:

Re: That's why...

At least in the Army it’s not mandatory to use encryption, but the option is available. There is an automated way to require the use of encryption, but it’s not used to day for reasons I won’t get into here.

Of course, if it is in any way a hassle to use you can bet people will just resort to using any one of the plethora of free web-based email providers.

Anonymous Coward says:

how ironic

when I was in the USAF I was in charge of computer systems set specifically for sending top secret information. The funny thing is that at the time our base commander would use my top secret system to send “happy birthday”s and “how was golf this weekend” to other generals, which wasted valuable time and money on an extremely expensive system.

knowitall says:

the information is still encrypted

the issue is not that secret information is being leaked it is that the information is not making it to the people that need it. the information sent out in the email is encrypted, all Secret DOD and HLS traffic is sent via x.400 without the proper forteza cards and access card on the receiving end you can not access the information within the email.

Oh and you can’t “keep it off the grid” the government does not run a global telcom company it simple encrypts its information.

Tim Lundberg says:

In defense of my fellow Airmen

Anyone who wants to come in and fix the largest, most complicated system in the world is welcome to it.

Remember though there are 4 different services, 6 geographic commands, over 1 million dedicated users, and the system is constantly under attack by nations I shouldn’t need to name. A little different then the small business with 50 employees, or the fortune 500 with several thousand employees.

DanC says:

Re: In defense of my fellow Airmen

Granted, it’s an incredibly complex system. It also has the problem of being controlled by bureaucracy and budgetary constraints.

That being said, that doesn’t excuse the fact that these people don’t know who they’re sending email to, or their response to the guy running the UK site. Encryption is honestly not that difficult to implement, and should be mandatory for any confidential US government email.

KenM says:


I love how these websites throw classifications around and just blindly assume that any email they see from the government on an unclassified medium is somehow “Top Secret”. I’m 100% positive that any details found in these emails regarding Bush, troop movements, or strategies were highly embelished in the hopes that it would bring in the hordes of “enlightened”, first semester college freshmen hell bent on trashing the US government, military, and way of life.

And for all of you boobs out there assuming that all classifications of government emails are sent over the non-secure internet, thanks for proving that people still talk out of their a$$ without knowing anything.

moe says:


@knowitall — you’re assuming they’re using the secure network. From the details in the article, this isn’t the case for a number of reasons. Whatever classification the content was — it varied from personal emails to info that probably needed a classification — the receipient provided details, indicating that it wasn’t encrypted.

@KenM — Read the articles. The details provided make it clear that some info was sent over the non-secure network, and that it wasn’t encrypted. Who’s the boob, now?

The fact of the matter is that this happens. Whether it’s to avoid the hassles resulting from the security, or it’s people that aren’t tech-savvy (older people, or just people that only use computers at work/for email & internet), it’s happening. Sticking your head in the sand (knowitall & KenM) doesn’t make it go away.

Anonymous Coward says:

PGP? GPG? Hello?!

“but since noone has invented a truly functional certificate pair encryption system”

Are you honestly telling me that no one here or in the Militerry has heard of PGP, or the GNU implementation, GPG?? I’ve trained artists and mothers to use Thunderbird+Enigmail to encrypt their e-mails on a regular basis. People who don’t understand why they shouldn’t use Internet Explorer as a browser, get why PGP is good! Everyone involved with these “leaks” is obviously an idiot.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...