MoD's Error Leaks Secrets of UK Nuclear Submarine
Tasha26 writes "UK's Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake. A 'technical error' (i.e. turning the background colour of certain text to black) meant that sensitive blacked-out parts of the online MoD report could be read by anyone who copy-pasted it into another document. This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub, and details of measures used by the US Navy to protect its own nuclear submarines."
People Are Stupid (Score:5, Insightful)
Why are the people who control dangerous things always so stupid?
Simple: The vast majority of people are stupid.
Re: (Score:2)
I'll use Hanlon's razor on your reply and merely point out that at least half the population are of above average intelligence.
Re: (Score:2)
I'll use Hanlon's razor on your reply and merely point out that at least half the population are of above average intelligence.
Many intelligent people have zero common sense, which is often the reason for seemingly stupid acts.
Re: (Score:3, Funny)
YOU CAN SAY THAT AGAIN!
Re: (Score:2)
while your quite correct in theory, one must remember that if your average your still and idiot to begin with.
the "average" person isn't smart enough to understand the difference in words like redaction , deletion and blackout.
Re: (Score:2, Funny)
while your quite correct in theory, one must remember that if your average your still and idiot to begin with.
the "average" person isn't smart enough to understand the difference in words like redaction , deletion and blackout.
Or, say..., "your" and "you're".
Re: (Score:2)
while you're quite correct in theory, one must remember that if you're grammar and diction are average you're still an illiterate terd, sir.
You still got it wrong.
Re: (Score:3)
I'll use Hanlon's razor on your reply and merely point out that at least half the population are of above average intelligence.
"Average" is not where I draw the line between stupid and smart. If there is such a line, it would be well above the mean line.
Re:People Are Stupid (Score:5, Insightful)
Actually, 50% of the people have below-average intelligence (assuming a Gaussian distribution), which is a far cry from a "vast majority". It's just that here on /. the average intelligence is above that of the general population (yea, I know), so we tend to look down on all the "others".
Using background color to black-out sensitive material may seem stupid to us on /., but it is understandable that someone who doesn't know much about computers will think it is secure, esp. since the final PDF file is uneditable. The question is why someone with, obviously, minimal computer skills is given such an important task?
Re:People Are Stupid (Score:5, Interesting)
Re: (Score:2)
Technically, it is obvious that the "real" distribution of IQ scores is not Gaussian, if only because in a Gaussian distribution both tails should continue on to infinity, which is untrue for IQ scores (in both directions).
Re: (Score:2)
Re: (Score:2)
The question is why someone with, obviously, minimal computer skills is given such an important task?
Because his manager has given him glowing performance reviews, primarily because of his stellar computer skills compared to his reviewing manager; he may even be the "go to guy" for computer issues and the ad hoc trainer for his department.
Re: (Score:2)
I agree that mistakes can, and will, happen. However, I would have thought the government had protocols on how to redact documents. For example, in physical (i.e. Not digital) documents you do not use Tipp-Ex but a special ink.
The decision of how to redact a digital document should be solved by people who are really knowledgeable in the field, and thus you prevent the mistake from happening.
Re: (Score:3)
Why are the people who control dangerous things always so stupid?
Simple: The vast majority of people are stupid.
Let's not forget that the vast majority of people who control dangerous things assume the vast majority of people are stupid so they don't do enough to protect things from the people who aren't as dumb as they should be.
Re: (Score:2)
But that doesn't explain the gap in expectations. You'd expect people who have such responsible positions not to be representative of the population, and I expect they're not. The lack may be more one of imagination than intelligence.
The one exceptional virtue of a bureaucracy is consistency; the corresponding vice is inflexibility. People who rise in them reflect this. They may be very reliable persons, but expecting them to wonder whether something actually works the way it appears to might be too much
Fukushima-style? (Score:5, Insightful)
"This accidental leak reveals, among many other things, how easy it would be to cause a Fukushima-style reactor meltdown in a sub"
Is that it, now? Is every single thing to do with nuclear reactors going to be compared to Fukushima from now on? What about if terrorists wanted to create a Chernobyl-style meltdown, or how about a three-mile-island-style meltdown?
No really, it's fine, I don't mind throwing random keywords in there to grab extra attention when it's completely unnecessary.
Re:Fukushima-style? (Score:5, Insightful)
Fukushima is the Library of Congress of nuclear meltdowns. Just as 9/11 is the LoC of terror attacks. People love relative terms; nobody understands a 10^9 becquerel of radiation.
Re:Fukushima-style? (Score:5, Insightful)
The vast majority don't understand "Fukushima-style" radiation either ;-)
Re: (Score:2)
Re: (Score:2)
My Chernobyl Red-Star Style will make quick work of your pathetic Fukushima Dawn-Glow Style!
Chernobyl - Jet Li
Fukushima - Toshiro Mifune
Three Mile Island - Wesley Snipes
Re:Fukushima-style? (Score:5, Funny)
Re:Fukushima-style? (Score:5, Insightful)
Fukushima meltdown means your backup cooling method goes out after a scram (and tsunami), and you are basically screwed. This requires a failure of imagination about worst possible scenarios combined with a bad plant location.
Chernobyl explosion is a criticality accident. This requires a really high level of ignorant stupidity or purposeful attack.
Three Mile Island meltdown is that you don't realize a valve is open and your core water boils away. This requires a level of stupidity in human/machine interaction.
Re: (Score:2)
Re: (Score:2)
not because it is technically risky, but organizationally risky. The same applies to all the other examples mentioned.
The French seem to be handling it fairly well, but then again they made the effort to standardize. Our reactors, on the other hand, are unique works of art ... a fundamentally stupid approach when you get right down to it.
Re: (Score:3)
Not to mention that, the average nuclear submarine has between 0.01 to 0.001 the amount of fuel than one reactor at Fukushima (maybe less)
And a (slightly) different technology
Next thing we'll know they're calling a RTG "this is flying Fukushima "
Re: (Score:3)
Nuclear submarine fuel is much more enriched, though.
Re: (Score:2)
This just seems like a such a bad comparison to me, the Fukushima-style reactor meltdown was a "we ran out of water" thing; how would that happen in a submarine?
Re: (Score:2)
Well, I do not think they have any pipes to pour sea water into the reactor.... so being in a submarine does not help to that (indeed Fukushima was at the coast and that did not get, either).
Junior Member? (Score:5, Insightful)
From the article:
The senior technology consultant at web safety firm Sophos said: “It’s a staggeringly stupid thing to do. Anyone with even an elementary knowledge of computing would know how to read it. I can only assume they gave it to a junior member of staff to deal with.
On the contrary, a junior member probably would have had some computer know-how. They probably gave it to some old-timer who knows nothing about computers (apologies to all /. {1,2,3} UIDs; I am talking about mere mortals, and I will be sure to get off your lawn) and he just thought that if he changes the background, the words will remain blacked-out forever.
Oh, and BTW, what's with the last sentence?
Two weeks ago two officers were shot – one fatally – on HMS Astute, when it was docked in Southampton. Sailor Ryan Donovan, 23, has been charged with murder.
I don't see how it is related to the article, except in regards of it talking about one of Britain's submarines. Talk about tangentiality.
Re: (Score:2)
From the article:
Two weeks ago two officers were shot – one fatally – on HMS Astute, when it was docked in Southampton. Sailor Ryan Donovan, 23, has been charged with murder.
I don't see how it is related to the article, except in regards of it talking about one of Britain's submarines. Talk about tangentiality.
Guy in suicide mode shooting his fellow soldiers in walking distance to a nuclear reactor IS worth mentioning.
It also reminds me of Hunt for Red October, which was a cool movie.
Re: (Score:3)
...or with no toilets whatsoever!
Re: (Score:3)
Right, why do you need a toilet when you can just take a leak on the reactor to cool it down?
Re: (Score:2)
...and take a crap in the torpedo chute.
Daily Star? (Score:5, Informative)
On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.
Have a look at the website, the topics along the top, they've got an entire section dedicated to "Babes" and what's more the bottom of the article has the words "More 'News' Here". That's right, not even the website itself genuinely believes that it has real news there, instead opting to put the term in quotes.
Seriously...the daily star? Is this what slashdot has come to?
Re:Daily Star? (Score:5, Insightful)
The newspaper is most famous for its page-3 topless girls
Which is something that Slashdot could use more of! Forget, "OMG! Ponies!" How about next April 1st, we see a page-3 topless girls Slashdot site. Sure should be more interesting than all of those other April 1st articles . . .
Re: (Score:2)
lmgtfy fails without javascript, which is just stupid. Next time try fuckinggoogleit.com
Re:Daily Star? (Score:4, Informative)
On another note, why in the name of fuck is Slashdot posting anything from the Daily Star? The newspaper is most famous for its page-3 topless girls and their sheer determination to use words with as few syllables as possible.
So what if they have pictures of totty in their pages, that is not what is being linked to. The Daily Star do not seem to have made the story up, the write up seems as good as you get anywhere else. It appears that the Daily Star alerted the MOD about their stupidity so they are the origin of the story & deserve credit for that.
If you are such an intellectual snob that you won't read the Daily Star, here is the story on the BBC [bbc.co.uk].
Re: (Score:3)
It appears that the Daily Star alerted the MOD about their stupidity
So even the Daily Star is smarter than the Ministry of Defense now?
We are so screwed.
Re: (Score:3)
Probably because they're the ones who broke the story - it's been picked up by slightly more high-brow outlets too, but it's a tradition that you link to the source of a story. Even the BBC point to them: http://www.bbc.co.uk/news/uk-13107413 [bbc.co.uk]
Unless you have a blog to pimp, and need the ad revenue... then you post your link on the front page and wait for the Slashdot effect to make you rich ;)
Re: (Score:2)
I can only imagine the twitch of the editor at BBC.
*we* ... *link* ... *daily star* ...
Wikileaks to blame! (Score:2)
Obviously, this is all the fault of wikileaks & Julian Assange! It was his actions that awoke the appetite of the general public to consume dangerous information that they are not allowed to have. Even the safeguards put in place by the government to protect its people from such dangerous information, the Freedom of Information Act, is now no longer effective. We need to pass new legislation quickly to correct this issue at once!
Therefore, I submit the following legislation for review:
1) Make using Copy
Re: (Score:2)
the actual news (Score:5, Informative)
DO NOT look at the Star newspaper it's like looking at the National Enquirer....
the people who broke the news were UK Channel 4
see this link for the story
http://www.channel4.com/news/britains-nuclear-subs-potentially-vulnerable-to-accidents [channel4.com]
the document seems flattened but is here
http://robedwards.typepad.com/files/declassified-report-to-mod-defence-board.pdf/a [typepad.com]
anyone actually able to copy and paste from it ?
why does the MOD use microsoft word for these type of things is beyond me...
regards
John Jones
p.s. do you think china et. al. have the same problems...
Re: (Score:2)
Actually the channel 4 item doesn't mention botched redactions - they're talking about the parts of the document you can read.
They even say:
"UK submarines compare poorly with these benchmarks, with the ability to tolerate only a structural failure equivalent to a..." Unfortunately the rest of the sentence, along with most of the following two pages, are blacked out in the released document.
So it was the Daily Star who tried the old trick of copy-paste and got lucky.
Page 3 link for you... (Score:2)
You asked: :-)
http://www.dailystar.co.uk/babes/ [dailystar.co.uk]
Oh Great! (Score:2)
Better BBC link (Score:2, Informative)
The Daily Star doesn't cost very much in the UK because they don't need to pay for clothes for some of the models.
Here's the BBC link: http://www.bbc.co.uk/news/uk-13107413.
Apparently something to do with blacking out parts of a report but the text still being there when you paste it into another document.
Re: (Score:2)
The Daily Star doesn't cost very much in the UK because they don't need to pay for clothes for some of the models.
Funny, that's never worked for any woman that I knew....
WYSIWYG mindset strikes again (Score:3, Insightful)
The problem is using programs that advertise themselves as WYSIWYG editors when in fact they're not.
Now it's unreasonable to expect every computer-literate but non-expert user to understand the data format, encoding and specific behaviour of every document editor. The blame here rests solely on the management that should have trained users how to manipulate sensitive documents using approved tools.
Re: (Score:2)
Approved tools: Notepad and the 'delete' and 'backspace' keys
RTFD (Score:4, Informative)
Have you actually LOOKED at the document?
Its original classification was "RESTRICTED - UK EYES ONLY" which is basically a rather quaint old fashioned form of "UK RESTRICTED".
RESTRICTED is the lowest level that requires any special handling to speak of. We would tend to assume that foreign intelligence agencies already have everything that is RESTRICTED.
CONFIDENTIAL is the lowest level at which any serious effort is taken to prevent FISs getting hold of the information, and then exponentially more protective measures are taken as one moves through SECRET and TOP SECRET.
So whilst embarrassing, it doesn't contain anything that any halfway competent FIS would not have already been aware.
Move on, nothing to see here....
Re: (Score:2)
That said, the person releasing it is still liable for 30+ years in jail for a breach of the official secrets act.
Re: (Score:2)
Re: (Score:2)
And the secret was... (Score:2)
The Conqueror fired first.
Oops ... (Score:2)
Sounds like someone will soon be transferred to clean radar dishes in Antarctica.
Importance of sub warfare against Taliban (Score:2, Funny)
I think these nuclear subs are well worth the expense. How else will Britain deal with Taliban aircraft carriers?
Re:hahaha (Score:4, Insightful)
Or perhaps
Step 1 ) Remove sensitive information
Re: (Score:3)
Or perhaps
Step 1 ) Remove sensitive information
Hasn't this bitten people in the past when they shared a Word document that had quick save enabled or something like that?
Re: (Score:2)
I get the point, but scanning a hand-redacted document is idiot-proof. Besides, some applications save editing data into PDFs. OpenOffice does this, for instance. So that's yet another set of items you'd have to add to your list: 1b: When exporting the PDF, use a print driver and not the PDF export function of your program.
Re: (Score:3)
Or perhaps Step 1 ) Remove sensitive information
Exactly. Why the hell would you put ANYTHING sensitive like that on any computer connected to the internet?
It's not the user's fault (Score:4, Insightful)
Re:It's not the user's fault (Score:4, Insightful)
Re: (Score:2)
How would the application know?
if (background == foreground) {
    printf("Thats not doing what you want\n");
}
If the user is drawing a black rectangle over stuff the app could be clever enough to clip away everything that gets overdrawn instead of storing it in the file when doing PDF export (might help performance too).
The user fundamentally needs to know the difference between adding information to a document and removing information
When working with sensitive information that certainly couldn't hurt, that however doesn't excuse applications doing a shitty job in support the user doing that (metadata generally hidden down in some deep subme
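The `background == foreground` check suggested in the comment above, written out as a pre-release scan (an added example, not part of the original thread and not any vendor's feature). It assumes the document is a DOCX and inspects only direct run formatting in `word/document.xml`; the sample text and all function names are constructed.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W}

# Named highlight colours mapped to RGB hex (subset relevant to masking).
HIGHLIGHT_RGB = {"black": "000000", "white": "FFFFFF", "yellow": "FFFF00",
                 "darkGray": "808080", "lightGray": "C0C0C0"}

# Constructed sample body: a normal run, a run "blacked out" with a black
# highlight, a run "blacked out" with black shading, a harmless yellow
# highlight, and a run whose text really was replaced.
SAMPLE_DOCUMENT_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<w:document xmlns:w="{W}"><w:body><w:p>
<w:r><w:t>Reactor safety summary. </w:t></w:r>
<w:r><w:rPr><w:color w:val="000000"/><w:highlight w:val="black"/></w:rPr>
<w:t>CONSTRUCTED SENSITIVE A</w:t></w:r>
<w:r><w:rPr><w:shd w:val="clear" w:color="auto" w:fill="000000"/></w:rPr>
<w:t>CONSTRUCTED SENSITIVE B</w:t></w:r>
<w:r><w:rPr><w:color w:val="FF0000"/><w:highlight w:val="yellow"/></w:rPr>
<w:t>Highlighted note. </w:t></w:r>
<w:r><w:t>[REDACTED]</w:t></w:r>
</w:p></w:body></w:document>"""


def build_sample_docx() -> bytes:
    """Wrap the constructed XML in a minimal zip so the scan runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", SAMPLE_DOCUMENT_XML)
    return buf.getvalue()


def _attr(elem, name):
    """Read a w:-namespaced attribute, tolerating a missing element."""
    return elem.get(f"{{{W}}}{name}") if elem is not None else None


def run_colours(run):
    """Return (foreground, background) as RGB hex; background may be None."""
    rpr = run.find("w:rPr", NS)
    if rpr is None:
        return "000000", None
    fg = _attr(rpr.find("w:color", NS), "val")
    if fg in (None, "auto"):
        # Assumption: unset/auto text colour is treated as black, so the
        # scan over-reports rather than misses masked text.
        fg = "000000"
    bg = None
    fill = _attr(rpr.find("w:shd", NS), "fill")
    if fill and fill != "auto":
        bg = fill
    highlight = _attr(rpr.find("w:highlight", NS), "val")
    if highlight and highlight != "none":
        bg = HIGHLIGHT_RGB.get(highlight, bg)
    return fg.upper(), bg.upper() if bg else None


def find_masked_text(docx_bytes: bytes):
    """List (text, fg, bg) for runs whose text is still stored in the file
    but drawn in the same colour as its own background."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    hits = []
    for run in root.iter(f"{{{W}}}r"):
        text = "".join(t.text or "" for t in run.findall("w:t", NS))
        fg, bg = run_colours(run)
        if text.strip() and bg is not None and fg == bg:
            hits.append((text, fg, bg))
    return hits


if __name__ == "__main__":
    for text, fg, bg in find_masked_text(build_sample_docx()):
        print(f"text still present under {bg} background: {text!r}")
```

Formatting inherited from styles, table-cell shading and drawn shapes are outside what this scan sees, so a clean result does not show that a file is safe to publish.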
Re: (Score:3)
Re: (Score:2)
> If the user is drawing a black rectangle over stuff the app could be clever enough
> to clip away everything that gets overdrawn instead of storing it in the file when doing
> PDF export (might help performance too).
But that's not necessarily what the user wants in every circumstance. For example: Just off the top of my head, I know of a couple of websites devoted, in part, to discussion of television shows or movies. The etiquette of those sites, for both users and authors, is to set the text a
Re: (Score:2)
How is the application to know the difference?
By looking if the user does a PDF export or a regular save as Word document, the former should reduce the document to only the visible parts, the latter one of course has all the hidden information.
It's easy to ridicule such mistakes, but I couldn't even tell you how to not make them as a regular user with the software at hand, as text redaction doesn't even seem to be in the feature set of your average Word processor and isn't easily replicated with manual effort (just overwriting the text would destroy the
Re: (Score:2)
If the user is drawing a black rectangle over stuff the app could be clever enough to clip away everything that gets overdrawn instead of storing it in the file when doing PDF export (might help performance too).
That's definitely NOT what you want when preparing a pdf for printing. http://en.wikipedia.org/wiki/Trap_(printing) [wikipedia.org]
And about that performance issue..... It's faster to draw three rectangles on top of each other than three times drawing a rectangle, cutting out the clipped part, and then draw whatever was supposed to fill in the clipped holes. That would be only true if simple geometries hide complex geometries.
Sure... (Score:2)
The user fundamentally needs to know the difference between adding information to a document and removing information.
Sure, because that is the way it is in the real life, right?
When you paint a black rectangle over a piece of text you are adding information to that piece of paper. When you paint it all black it is positively LOADED with information.
In fact, it has ALL THE INFORMATION EVER right there on that black page - you just need to extract it out of there.
And don't get me started on those white pages that people think of as blank. HA!
I "borrowed" a piece of paper from a classmate back in school - he didn't even know
Re: (Score:2)
And a highschool chemistry lab probably contains all you need to read exactly what was under the blacked out portions of a "real" document too. If they used those thick pens to black out printed ink (e.g. laserprinter ink), all you need is some alcohol. Of course, in the general case, it requires a bit of knowledge.
But If you're lucky with the paper type, all you need is a lightbulb.
Laserprinter ink can be made to perform an especially cool trick, saving a lot of time. For at least 48 hours after printing
Re: (Score:2)
What I've seen people do in meatspace is to get out the black marker, black out the parts they want redacted, then photocopy it and distribute the copy but keep/destroy the one that actually has the marker on it.
Re: (Score:2)
Exactly.
And there is a fairly easy computerized analog to your approach:
Make your changes in whatever fancy content generation software your organization uses. Then export and distribute the redacted documents as bitmaps or plaintext or any of a dozen other file formats which do not store all of the hidden (but easily found) metadata as word or pdf.
Re: (Score:2)
Laserprinter Ink?
Re: (Score:2)
Uh, using a word processor is real life.
Unless you count those word-processor-simulator using weirdos.
Re: (Score:2)
So maybe what they should introduce is a "photocopy" software for PDFs which removes any information which cannot be seen with the naked eye.
That isn't the problem. They already have things that effectively do that.
The problem is that not all programs do that automatically, and stupid people are stupid.
Re: (Score:2)
I was making fun of the parent poster's approach of teaching users about "difference between adding information to a document and removing information".
Cause that is what user is really thinking about when writing/reading/erasing/masking - adding information or not.
Unlike say... maybe... thinking about writing/reading/erasing/masking.
Users don't think about what those abstractions they are using ACTUALLY represent.
Easiest fool-proof solution probably is to get them a special easy-to-use tool for JUST THAT a
Re: (Score:2)
Yeah... right after you teach them not to use 5 letter passwords.
Re:It's not the user's fault (Score:4, Insightful)
Most users are non-technical.
Management should ensure that those should be properly trained to do their job. Those responsible for putting stuff on web sites (or where ever) should know what they are doing. Would it be acceptable to say ''he blew up the nuclear sub because he didn't know how to manage the reactor'' ?
This is an old issue and it's not excusable that the application didn't give a warning.
The application was probably instructed to turn the background black, it was probably not instructed to make certain text unreadable.
This is a management issue but, as ever, I can see them just blaming some muppet at the bottom of the pile.
Re:It's not the user's fault (Score:5, Funny)
The other day the administrator in my department was organising a project to electronically sign all documents. That's how they describe it anyway. They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.
Re:It's not the user's fault (Score:5, Funny)
Re: (Score:3)
Make up one for Venus de Milo
Re:It's not the user's fault (Score:5, Informative)
They are going to scan a bunch of written signatures and paste them in to the documents which are "signed". There will be a directory (sorry, "folder") full of signatures to choose from.
This is modded +5 funny, but it is tragically common in the medical and professional world.
A lot of doctor's offices are printing out pre-signed prescriptions on 8x11 instead of hand writing/signing on prescription pads whose paper has security features.
Re: (Score:2)
But for controlled substances, US pharmacies still require, and all doctors use, secure prescriptions with real signatures and a valid DEA identifier. When filled, the prescription is recorded in a national database referring to the patient, the doctor, and the pharmacy. Those printed 8.5x11 rx's are for stuff like blood pressure meds that no one
Re: (Score:2)
The right way to do this, of course, is setting up a public-key cryptography infrastructure and users using their individual keys to sign documents. MS Word, for example, natively supports this if you have a PKI it groks.
Re: (Score:2)
I think the Royal Navy of all military branches has the least excuse, since naval warfare has been a completely technical endeavor for the last 400 years. These are people whose lives are spent operating giant multi-billion dollar nuclear armed fighting platforms. These are people whose job it is to make sure they know every bolt in the ship and have a command structure in place so that nobody can screw up and sink the ship. Somehow not only did one person not actually remove the information, but the comma
Re: (Score:2)
screen shot
Re:hahaha (Score:5, Informative)
It absolutely boggles my mind that this can still happen.
Adobe specifically have put in a redaction feature into Acrobat Pro just to do this, and it couldn't be easier to use.
You select the redaction tool and drag your mouse over the text to redact. Select as many pieces of text as you want, they're highlighted while you're doing it so you can see what you're doing.
Then, when you're done, click the Apply Redactions button and it's done.
Not only is the text on the page redacted, but any metadata (and there's often quite a bit in your average PDF) that could potentially leak important information is removed too. You now have a PDF that's safe to distribute and I'd wager that it's actually easier to do it this way than it would be to draw black rectangles over everything you want to hide.
They were actually quite clever this time (Score:2)
Everybody knows by now that you can't hide anything in a PDF by putting a black rectangle above the text.
But these people were clever and carefully avoided doing this old stupid mistake which they knew so many people had done before.
Instead, they put the black rectangle BEHIND the black text...
(By the way: I think I have seen somewhere that the black rectangles above the text is actually the way it must be done in USA according to some instructions from the government. Anyone can confirm this?)
Re: (Score:2)
So then... we gather that either you are against emotions, law, authority, etc. or you just like to make lists.
Re: (Score:2)
You've been posting this shit for a couple of days now. Are you a bot, a troll or a sad individual crying for help?
Just curious.
Re: (Score:2)
Re:Avoid the Tsunamis (Score:5, Funny)
Not if they are full of leaks.
Re: (Score:2)
Re: (Score:2)
Oh, leaks, sorry.
Re: (Score:2)
Unlike a 10,000 ton nuclear power plant the submarine might be able to avoid tsunamis
They can also operate under 70 feet of water; even diesel subs can.
Re: (Score:2)
You seem pretty blithely confident in your assertions there.
Re: (Score:2)
A small bomb or a soldering iron, perhaps? All your assumptions are that the safety hardware is intact, not sabotaged, and no one has hot wired the battle overrides. Also, that no one has destructively blown a gaping hole in a crucial bit of piping. All that failure analysis for stuff like high pressure steam lines is done assuming leaks that come from a progressive material failure - not someone blasting the pipes into pieces.
Also, you're assuming all these safety measures actually work according to the
Re: (Score:2)
Look, get real here. You're talking about a large quantity of high dense nuclear fuel, in an application where the WEIGHT matters. Everything you add to protect against a meltdown is going to slow your ship or sub down. Actual, real world accidents show that just 2 or 3 things going wrong - a stuck valve plus some rust somewhere plus a control panel putting critical information somewhere hard to find - is enough to cause serious accidents.
I find it hard to believe that given merely a power loss has destr
HMS Astute - rogue sailor (Score:2)