I suppose we shouldn’t be surprised that the U.S. military doesn’t seem to be any better about information security than companies or other parts of government:

Detailed schematics of a military detainee holding facility in southern Iraq. Geographical surveys and aerial photographs of two military airfields outside Baghdad. Plans for a new fuel farm at Bagram Air Base in Afghanistan.

The military calls it “need-to-know” information that would pose a direct threat to U.S. troops if it were to fall into the hands of terrorists. It’s material so sensitive that officials refused to release the documents when asked.

But it’s already out there, posted carelessly to file servers by government agencies and contractors, accessible to anyone with an Internet connection.

— Military files left unprotected online, By Mike Baker, Associated Press Writer, Thu Jul 12, 8:03 AM ET

Surely they know better than this?

Apparently some military contractors are depending on security by obscurity:

A spokeswoman for contractor SRA International Inc., where the AP found a document the Defense Department said could let hackers access military computer networks, said the company wasn’t concerned because the unclassified file was on an FTP site that’s not indexed by Internet search engines.

“The only way you could find it is by an awful lot of investigation,” said SRA spokeswoman Laura Luke.

And the AP seems to think that if it destroys the copies it picked up, nobody else has copies:

The AP has destroyed the documents it downloaded, and all the material cited in this story is no longer available online on the sites surveyed.

Well, that’s wishful thinking.

Given that much of this information can be found in satellite imagery originating outside the military, and which foreign governments presumably also have, one wonders just how sensitive some of this information really is. Meanwhile, the U.S. military has time to block soldiers’ access to myspace. This makes me wonder.

What’s the real point here: actual sensitive military secrets too visible, or Internet bad and needs suppressing?

But Mark Moss, a Charlotte-based FBI agent who focuses on online security, said foreign intelligence agencies spend a lot of time on the Internet because online intelligence-gathering is cheap, quick and anonymous.

“If they steal your technology through the Internet, it’s overseas in an instant,” Moss said. “It’s the perfect conduit.”

This is like blaming the air for transmitting voice messages. Ah, the Internet: perfect conduit for foreign intelligence agencies! Blame the communications infrastructure for mistakes by those who put information on it. Then attempt to solve the problem by simply taking down the servers, instead of finding ways to distribute it securely to those who actually need to know. And emphasize national intelligence agencies when the actual enemy is mostly a variety of small self-funding non-national groups; groups that manage to use the Internet for their own direct and stigmergic communications and don’t seem overly concerned about leaks. Asymmetric warfare indeed!

-jsq