Advertisement
Promo

Security threats Toolkit

'Confidential US security documents' flaunted online

Dan Ilet ZDNet.co.uk

Published: 24 Jan 2005 16:45 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A Web site has published what it claims are confidential documents from the US Department of Homeland Security relating to possible terrorist activity.

The information appears to have reached the public domain via Google, illustrating how the search engine can be used to uncover links to confidential information online.

ZDNet UK alerted the Department to the security breach last Wednesday after seeing the documents, which were still available on Monday. Homeland Security officials have declined to comment on the matter.

The documents contain reports of suspicious activity in the US, such as water supply tampering, an airline pilot being attacked with an axe, and bomb threats.

The documents begin:

    "WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel who do not have a valid "need-to-know" without prior approval of the Homeland Security Operations Center."

According to the Web site hosting this information, the Department of Energy accidentally published the documents online. They were then discovered by Google and added to its cache of Web content. The mistake was subsequently spotted and the documents taken down, but the Web site owners were able to use Google to find the documents in its cache, and copy and publish them.

The Web site's administrators wrote: "A person pointed out many of these [documents] plus a few others were available in Google caches. [Web site name] found numerous HTML conversions in the Google caches, although none of the original PDFs were accessible. The original Google source site, XXXXXX, appears to have been withdrawn... many of its Web offerings remain online as cached files."

Google hacking -- accessing confidential data from publicly available links on the search engine -- is set to become a big problem this year, experts have predicted. Security company CyberTrust has warned that Internet-connected devices, even Web cams, must be treated as a potential security threat.

The administrators also wrote that a person claiming to be from the Department of Energy had telephoned them, asking that the documents were removed.

"We said no," they wrote. "He said, 'I didn't think so. But the briefs are for official use only, couldn't they be removed?' We said no, the briefs provide good public information. He said, 'okay, thanks for talking to me.' A courteous Homeland Security contractor, that's good news, unlike the briefs."

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
83 out of 152 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

2 comments

  1. cryptome.org is the "Web site hosting this informa... Anonymous
  2. A FOR OFFICIAL USE ONLY document was placed on th... Richard Starnes

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters