The information appears to have reached the public domain via Google, illustrating how the search engine can be used to uncover links to confidential information online.
ZDNet UK alerted the Department to the security breach last Wednesday after seeing the documents, which were still available on Monday. Homeland Security officials have declined to comment on the matter.
The documents contain reports of suspicious activity in the US, such as water supply tampering, an airline pilot being attacked with an axe, and bomb threats.
The documents begin:
- "WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel who do not have a valid "need-to-know" without prior approval of the Homeland Security Operations Center."
According to the Web site hosting this information, the Department of Energy accidentally published the documents online. They were then discovered by Google and added to its cache of Web content. The mistake was subsequently spotted and the documents taken down, but the Web site owners were able to use Google to find the documents in its cache, and copy and publish them.
The Web site's administrators wrote: "A person pointed out many of these [documents] plus a few others were available in Google caches. [Web site name] found numerous HTML conversions in the Google caches, although none of the original PDFs were accessible. The original Google source site, XXXXXX, appears to have been withdrawn... many of its Web offerings remain online as cached files."
Google hacking -- accessing confidential data from publicly available links on the search engine -- is set to become a big problem this year, experts have predicted. Security company CyberTrust has warned that Internet-connected devices, even Web cams, must be treated as a potential security threat.
The administrators also wrote that a person claiming to be from the Department of Energy had telephoned them, asking that the documents were removed.
"We said no," they wrote. "He said, 'I didn't think so. But the briefs are for official use only, couldn't they be removed?' We said no, the briefs provide good public information. He said, 'okay, thanks for talking to me.' A courteous Homeland Security contractor, that's good news, unlike the briefs."
Talkback
cryptome.org is the "Web site hosting this information", since the reported seems to have "forgotten" this information. Given that the documents are in the wild, there is no point concealing this information from readers who may want to get an idea of what the fuss is about.
A FOR OFFICIAL USE ONLY document was
placed on the Internet, it's the end of western
civilization! A little research goes a long way.
The title and the article refer to the document
in question as "Confidential US security
documents". Confidential is a document
classification level, ranking just under the
Secret level. The actual document was
classified at the: FOR OFFICIAL USE ONLY
level. Either the reporter doesn't know, hasn't
properly researched or he is trying make a
story sexy that really isn't. The classification
level of FOR OFFICIAL USE ONLY, is at the
very bottom of the classification hierarchy
and carries no criminal penalties for
disclosure.