Sensitve DHS briefings leaked through Energy system
- By Patience Wait
- Jan 26, 2005
Because of an apparent security glitch at the Energy Department, dozens of sensitive Homeland Security Department documents have been available on a public Internet site for several days.
The documents cover five months' worth of "Morning Briefings" sent to federal and state law enforcement agencies?including the FBI , CIA and White House?by DHS.
The briefings provide daily summaries of law enforcement actions directed at thwarting terrorist activities within the United States, and they include details such as names and possible terrorist operations. Marked "for official use only," the government does not make such information public or allow its posting to public Web sites.
DHS spokeswoman Michelle Petrovich said the vulnerability on the Energy Web site was found and dealt with promptly and DHS has taken other steps to protect the reports.
"We changed the way we share information with our federal partners," Petrovich said. "Now they come to us, to a special portal, to access information."
Mike Waldron, a spokesman in Energy secretary Spencer Abraham's office, said access to an internal DOE Web site was "an error of misconfiguration [that] allowed this document to be accessed."
The public site for the department's Energy Assurance Office, the source of the leak, has been put back up, but the internal site is still offline, Waldron said. "DOE security is running tests on the site," he said, adding, "There's potential for possible additional security on that site."
To that end, the employee responsible for the site is "actually going through significant and rigorous security training in addition to the mandatory training" Energy requires on security, he said.
The system flaw meant "someone could read [the briefings] legitimately," said John Loftus, a former Justice Department prosecutor who now is a consultant to former intelligence employees. Loftus said the leaks would be a topic at next month's Intelcon, an intelligence conference in Arlington, Va.
The Web site that posted the documents, www.cryptome.org, reported that the system flaw at Energy originally was in the department's Energy Assurance site. Cryptome.org also reported that a person claiming to be an Energy contractor contacted it Jan. 19 and asked if the documents could be removed. The Web site administrator refused to do so.
DHS will continue to share sensitive information with federal, state and local partners, Petrovich said, while encouraging agencies to take proper security measures to protect the data.
"The public dissemination of detailed information only hinders our ability to protect our citizens," she said.
Energy did not immediately return a reporter's calls for comment.
Susan M. Menke and Mary Mosquera contributed to this story.Editor's note: An earlier post of this story characterized the documents as classified. Although the use of the for-office-use-only designation restricts the release of documents publicly, it is not technically a government classification level.