I don’t work in tech so forgive the ignorance. How is the communication at the DoD (especially the SF-86) not encrypted and why it is sitting on an email server?
It is encrypted, at rest. If this was taken from an active mail server, the mail server's software needs access to the unencrypted data to work, therefore that is moot.
As to why mail servers hold email? That's how they, namely IMAP or EAS, work. If the mail server didn't have the mail, and the authorized user wanted the mail, where is it meant to come from?
The more pertinent question is: Why was a DoD mail server connected to the public internet? The DoD have their own network.
I ran the mail servers for the Defense Information Systems Agency at DISA.mil.
For unclassified systems, of course those are connected to the Internet. How else would you communicate with the rest of the world? And I filled out an SF-86 when I applied to be hired by them. There's nothing classified on an SF-86. No classified data was leaked when OPM was hit by Chinese hackers that stole all sorts of PII data for everyone who held a security clearance, including fingerprints and retina prints. Oh, and OPM was hit by the Chinese not once, but twice.
For classified systems, those are connected to the SIPRnet or other classified "internet". And those classified internets are typically shared with other governmental agencies, and not unique to DoD.
The actual SF-86 is filled out online. If it is on an email server then it probably means the person generated the PDF copy from the site for their records and emailed it to themselves.
The only SF-86s that should be outside of eQIP are hardcopies printed by investigators and copies saved by the submitters who emailed them to themselves for some reason.
Of course, this is the Pentagon so there's probably dozens of ancient generals who don't know how to use a mouse who had an aide fill it out and email it to another aide to be put into eQIP.
edit: lol nevermind it's SOCOM, those meatheads can't be trusted to not write a thousand books spilling the (mostly embellished) details of every little thing they did in the military as soon as they get out in the hopes that Tatum Channing will play them in a movie or amazon series so this isn't a surprise.
Someone1234|3 years ago
As to why mail servers hold email? That's how they, namely IMAP or EAS, work. If the mail server didn't have the mail, and the authorized user wanted the mail, where is it meant to come from?
The more pertinent question is: Why was a DoD mail server connected to the public internet? The DoD have their own network.
bradknowles|3 years ago
For unclassified systems, of course those are connected to the Internet. How else would you communicate with the rest of the world? And I filled out an SF-86 when I applied to be hired by them. There's nothing classified on an SF-86. No classified data was leaked when OPM was hit by Chinese hackers that stole all sorts of PII data for everyone who held a security clearance, including fingerprints and retina prints. Oh, and OPM was hit by the Chinese not once, but twice.
For classified systems, those are connected to the SIPRnet or other classified "internet". And those classified internets are typically shared with other governmental agencies, and not unique to DoD.
MichaelZuo|3 years ago
thejteam|3 years ago
rocket_surgeron|3 years ago
Of course, this is the Pentagon so there's probably dozens of ancient generals who don't know how to use a mouse who had an aide fill it out and email it to another aide to be put into eQIP.
edit: lol nevermind it's SOCOM, those meatheads can't be trusted to not write a thousand books spilling the (mostly embellished) details of every little thing they did in the military as soon as they get out in the hopes that Tatum Channing will play them in a movie or amazon series so this isn't a surprise.