Apparently you can pick up outdated U.S. military files for less than $10. That’s what happened to New Zealand’s Chris Ogle when he bought a used MP3 player for $9 in Oklahoma. The 29 year old then took his new device home and synced it to his computer, only to discover that it contained U.S. military personnel lists that included social security numbers and cell phone numbers of soldiers stationed overseas in Afghanistan and Iraq. The files, most of which dated from 2005, also contained details of equipment inventories from U.S. bases in Afghanistan, and one mission briefing.
“The more I look at it, the more I see and the less I think I should be!” Ogle told TVNZ’s ONE News. While the discovery may prove embarrassing to U.S. officials, the outdated files seem to be of little consequence to national security. However, personal information like social security and phone numbers could have put individual soldiers at risk for identity theft and personal harm.
A similar situation was uncovered in Afghanistan in 2006 when U.S. investigators bought stolen flash drives with military information outside Bagram base–a major U.S. military outpost in Afghanistan.
In November 2008, the U.S. Department of Defense banned the use of USB storage devices to prevent leaks like this from happening again. This was shortly after DoD computers were infected with a worm capable of downloading malware onto the Department’s computers. The McCain 2008 campaign also experienced a similar issue when a reporter purchased a Blackberry at the campaign’s fire sale that contained secure information.
These issues highlight the bigger problem of keeping sensitive data secure in any large organization. How, for example, does the Obama Administration plan to keep data secure as it works toward a more open and transparent government? Don’t forget that even the President is not immune to Internet security problems: Hackers recently took advantage of the social networking features on the President’s campaign website my.barackobama.com to lure unsuspecting visitors to download malware.
As for Ogle’s MP3 player, it’s unclear how the data ended up on the device, and as of this writing the government has yet to release a statement on the issue. For his part, Ogle says he intends to hand over the device to U.S. officials upon request.