A Web site has published what it claims are confidential documents from the US Department of Homeland Security relating to possible terrorist activity.
The information appears to have reached the public domain via Google, illustrating how the search engine can be used to uncover links to confidential information online.
ZDNet alerted the Department to the security breach last Wednesday after seeing the documents, which were still available on Monday. Homeland Security officials have declined to comment on the matter.
The documents contain reports of suspicious activity in the US, such as water supply tampering, an airline pilot being attacked with an axe, and bomb threats.
The documents begin: "WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel who do not have a valid "need-to-know" without prior approval of the Homeland Security Operations Center."
According to the Web site hosting this information, the Department of Energy accidentally published the documents online. They were then discovered by Google and added to its cache of Web content. The mistake was subsequently spotted and the documents taken down, but the Web site owners were able to use Google to find the documents in its cache, and copy and publish them.
The Web site's administrators wrote: "A person pointed out many of these [documents] plus a few others were available in Google caches. [Web site name] found numerous HTML conversions in the Google caches, although none of the original PDFs were accessible. The original Google source site, XXXXXX, appears to have been withdrawn... many of its Web offerings remain online as cached files."
Google hacking -- accessing confidential data from publicly available links on the search engine -- is set to become a big problem this year, experts have predicted. Security company CyberTrust has warned that Internet-connected devices, even Web cams, must be treated as a potential security threat.
The administrators also wrote that a person claiming to be from the Department of Energy had telephoned them, asking that the documents were removed.
"We said no," they wrote. "He said, 'I didn't think so. But the briefs are for official use only, couldn't they be removed?' We said no, the briefs provide good public information. He said, 'okay, thanks for talking to me.' A courteous Homeland Security contractor, that's good news, unlike the briefs."
ZDNet UK's Dan Ilett reported from London. For more coverage from ZDNet UK, click here.
Most mistakes made in IT are human ones. If Homeland Security is open to privacy and security
breaches, it should be clear that we all paddling that same boat, and we give governments the power to do the steering - around such rocks.
Meanwhile, a few guys got together one day, and realized they could use everyone elses computing power to look for aliens - it was a good cause, the software was not downloaded without prior consent, and they even told you what it would do while you were asleep. See SETI.
Another couple of guys took advantage of these weak privacy laws for our global web community - except they just wanted to use that extra power to advertise things they could find for you, that you need, back at you. Unfortunately, their engine can be used to find the weakest links in the chain - and that's survival of the fittest!
It seems criminals have some how realized, governments have not legislated against any of this. They can search and find all your weaknesses, and then capture everything type, as it appears that 'key loggers' are actually legitimate.
The best database search engine was, if I am not mistaken, invented by a librarian, and existed long before your own personal super cool Google search engine. They still use it today apparantly, but I have not been to a library for a while to smell a few old books.
If you disagree with me, try Tim Berners-Lee’s thinking out for size - he wanted to redesign the www accordingly several years ago to add ‘categories’ like a library catalogue. What is the semantic web anyway?
Anyway, I can now find homeland security info, and a suitable keylogger to build into a trojan virus that drops like a cookie for safe keeping.
Stolen credit card numbers or even the software to generate fakes are just as easily googled.