To learn the complex security protocols of their nuclear base, some American soldiers had the bad idea of using online review apps. As a result, they exposed confidential military information to the entire Internet.
By simple queries on a search engine, it was possible to access hundreds of review sheets created by American soldiers. More precisely, by soldiers in charge of protecting American nuclear bases on European territory (the Netherlands, Germany, Italy, Belgium and Turkey).
The authors of the files used it to test themselves on the extremely complex security protocols of these databases, which they must know inside out. Bad idea: They inadvertently revealed many sensitive details about nuclear warheads and their protections.
At the origin of this discovery, shared on May 28, 2021, is Bellingcat, a media specializing in open source investigation , that is to say from resources and tools accessible on the web. To achieve this result, the journalists simply searched for certain keywords specific to the nuclear weapons sector such as “PAS” (hangars for protection against air strikes), “WS3” (name given to the entire system). security) or “Vault” (for fallout shelter, where warheads are stored in particular).
They thus accessed dozens of files created between 2013 and April 2021 for the most recent. As they went through these documents, investigators learned new acronyms and base-specific terms that they could use to conduct further research and discover more records. After reporters contacted the US military and NATO, all compromising documents disappeared from the Internet.
Always Look At The Accessibility Of a Document
The soldiers’ mistake? Have used consumer review sheet creation software such as Chegg, Quizlet or Cram. This is already proof of a lack of education in information secrecy. In the event of a data breach or hacking of the companies named – which do not meet specific security standards – it have compromised anyway confidential details.
But the error goes much further: the soldiers did not even pay attention to the accessibility of their files. As Bellingcat details, some platforms clarify that documents will be visible to anyone, while others simply state that they must change certain settings to keep records confidential.
The soldiers’ reminders reveal all kinds of more or less exhaustive details depending on the base:
- The location of nuclear bases, and the number of fallout shelters in each.
- What “hot” warehouses (term used in the fact sheets) would currently house nuclear weapons.
- The position of the security cameras on the base.
- The frequency of security patrols.
- Identifiers: access passphrases, details on the construction of specific passwords.
- Warning signals used by soldiers.
This incident is further proof that educating individuals about cybersecurity issues is often more important than the security protocols themselves. And it’s also a friendly reminder that a data breach does not always come from a cyber attack (quite the contrary).
Bellingcat reassures: the scenario where this information would be used for a terrorist attack is highly improbable. The content of the files has a high strategic value for the countries, allies as enemies of the United States.