Feeds

That classified US military report's secrets in full

PDF cock-up reveals facts, figures and names

  • alert
  • submit to reddit

SANS - Survey on application security programs

In an incredible online cock-up, the full details of a classified US military report into the shooting of Italian secret agent Nicola Calipari in Iraq have been made widely and publicly available.

The error was caused by the US military itself, which posted an unclassified version of the report on the internet as a PDF file with large chunks blacked out. However, the Pentagon had failed to save the file with the edit lines in place so a simple copy-and-paste of the document into a word processing application revealed the report in full.

The Pentagon has since pulled the PDF, but not before it became widely downloaded and now copies of both it and the uncensored version are widely available on the Internet.

So what were the military secrets so important that they could not be revealed to the public? Well, they fall into three categories. First, information that the army has clearly withheld to prevent journalists from reporting unpleasant facts and figures. Second, details of standard US military procedure when it comes to roadblocks. And lastly, the names of those individuals and units involved.

Specialist Mario Lozano was the only soldier to fire during the incident in which Mr Calipari died in Baghdad. Mr Calipari and his colleague in the Italian military intelligence, Mr Andrea Carpani, were returning from a successful mission to release Italian journalist Giuliana Sgrena, who had been kidnapped months earlier by insurgents. They were heading to the airport when they came across a US roadblock .

Despite both Mr Lozano and Mr Carpani already being in the public domain as those involved, their names were blacked out. As were the names of all US military personnel involved in the incident, including commanding officer of A company Captain Michael Drew, First Lieutenant Robert Davis and the man in charge at the scene, Second Lieutenant Nicolas Acosta. The Italian authorities claim that three US soldiers fired at the car. The US report claims only one soldier fired.

The information pulled out solely to avoid embarassment includes:

  • The fact that there were 3,306 attacks by insurgents in Baghdad between 1 November 2004 and 12 March 2005; 2,400 of them aimed at coalition forces.
  • The fact that soldiers and commanders, and not only journalists, described the road the car was travelling down, "Route Irish", as the "deadliest road in Iraq".
  • The fact that there was no alternative to Route Irish for large numbers of troops every day
  • That there is a "minimum of one attack a day" on the route
  • The methods used by insurgents, including putting a bomb in a bin bag, setting timers, and pretending to be roadmen fixing the road when in fact they were planting bombs
  • That there is such a thing as a "politicial military counselor" who has the authority to direct military operations according to Washington's orders.

Most significant censorship however surrounded the recommendations, the first of which stated that from now on the military should look at installing "non-lethal measures" such as spike strips and speed bumps long before a soldier in a gun turret. Clearly this would have spelt out the headline for media reports of the inquiry, and seen heavy criticism of the US military.

Also removed were recommendations that different signs be used, and that a gunner in a turret should not have to operate both a spotlight and a gun at the same time at a roadblock - which is what happened in this case and may have been the cause of Mr Calipari's death.

As for the rest of it, it is simply the military removing all mention of its explicit tactics, the names, numbers and types of divisions that were in certain parts of Baghdad at the time, and other information such as US military training grounds and definitions of things such as "hostile act" and "hostile intent".

The leak of the information may further inflame Italians against the report. Italian authorities have already publicly questioned the conclusions. ®

Related links

A classified unclassified version of the report [Word doc]
The original report with sloppy security [pdf]

Related stories

Introducing the 'Matrix' laptop-triggered landmine
Bush twins to join Air Force tech unit in Iraq
US intel agencies 'incompetent'

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.