Exclusive: Classified information found on NSA website

0
A screen capture of a classified document found on the public website of the National Security Agency.

A screen capture of a classified document found on the public website of the National Security Agency.

You can find classified information on the website of the National Security Agency if you know where to look.

While doing research online into the NSA’s secret “PRISM” project, The Desk stumbled upon a document titled “BIND 9 DNS Security.” The document itself appears relatively innocuous; it offers guidance on how a network administrator can secure DNS servers against attacks by “hackers, spammers and phishers.”

The document is prepared by a NSA agent with the codename “I733” and is distributed in four places, including on a NSA intranet service called the Systems and Network Analysis Center (SNAC).

The document was found on the NSA’s website by doing a simple search on the key phrase “1-52,” the code given to the internal dossier “Classified National Security Information,” the NSA’s guideline on classifying information written in 2007. That policy is, itself, classified — it, and all works derived from it, are set to declassify on January 8, 2032 (information cannot be classified for more than 25 years, with some exceptions).

The discovery of the “BIND” document in the wild (and indexed by Google) comes at a time of great embarrassment for the NSA, which is reeling from the leak of a 41-slide PowerPoint presentation and related documents concerning a program called “PRISM,” which grants the government direct access into the servers of nine American tech companies, including Google, Microsoft, Apple, Aol and others. That direct access allows the government to obtain emails, chat conversations, photos, videos, login information and other customer data from the companies.

After two news organizations disclosed the existence of PRISM on Thursday, several of the tech companies mentioned in the report denied participating in — or in some cases, even knowing about — the PRISM program. But there’s little doubt that PRISM exists and is being used by the U.S. government — the Director of Intelligence issued a scathing statement later Thursday night in which he charged both news organizations with printing inaccuracies while at the same time confirming existence of the program.

The response, amplified on Thursday, has been unified by officials over the past few weeks: The leak of classified information to reporters hurts American security. The discovery of the classified “BIND” document, however, can’t be blamed on any whistleblower leaking it to the press.

The document is located in a folder called “vtechrep” on the NSA’s public-facing server. Ironically, the folder contains several documents on how to prepare “sanitized” reports to fulfill FOIA and other requests, including a report titled “Redacting with Confidence that details how to censor information from documents published with Microsoft Word software.

The NSA did not return a request for comment, though presumably they saw I would be emailing them before I hit the “send” button.