UK Defense Security Manual Leaked

Wow. It’s over 2,000 pages, so it’ll take time to make any sense of. According to Ross Anderson, who’s given it a quick look over, “it seems to be the bureaucratic equivalent of spaghetti code: a hodgepodge of things written by people from different backgrounds, and with different degrees of clue, in different decades.”

The computer security stuff starts at page 1,531.

EDITED TO ADD (10/6): An article.

Posted on October 5, 2009 at 3:10 PM27 Comments


pegr October 5, 2009 3:26 PM

So Bruce is posting links to Wikileaks now? Is Bruce going to start his own Bittorrent tracker?

moo October 5, 2009 5:57 PM

@Billy: I was drinking coffee when I read your comment and barely managed not to choke on it!

This is one of those stranger-than-fiction things. I always knew the gov’t spent our taxes on all manner of ridiculous things, but its kind of funny when something like this comes to light.

honeypot October 5, 2009 6:17 PM

download from the Swedish web site, it comes through fine. LInk is at bottom of the original wiki article.

Neighborcat October 5, 2009 7:08 PM

Ah, there it is! Page 1508:

“When moving a Hippopotamus by road, in no case should the container nor any truck bearing the container be labeled “Hippopotamus”.”


Аnonymous October 6, 2009 2:38 AM

Just a teensy warning to UK readers: as this document is classified (albeit at the very lowest level), in the UK unauthorised possession of it is a crime under the Official Secrets Act. It is no defense that someone else has already published it on the internet; unlike, say, trade secrets, publication does not remove the legal protections on the document.

BF Skinner October 6, 2009 6:19 AM

“instructions on dealing with …, investigative journalists, Parliamentarians, foreign agents, terrorists & criminals, …, allies, …, computer hackers”

Interesting group of friends has MoD. Glad I work for UNIT.

bob October 6, 2009 6:44 AM

I’ve always wondered – whats the point of having the hash displayed on the page?

Either the downloaded document opens cleanly or it does not; and if not I will be able to figure it out its broken without checking the hash (because the document itself will look like a hash?). And if it is broken, I can’t fix it by reversing the hash or anything, I have to re-download it.

And if I am putting up a fake website hosting a fake document then I will probably put up a fake hash that matches it while I am at it. DOUBLY so if it is malware.

What am I missing here?

Aguirre October 6, 2009 6:49 AM

@ Anonymous … Just a teensy warning
@ Nik

Yes, very important for those in the UK not to download this document.

Please leave this to intelligence professionals: the GRU, the SVR, Old Uncle Tom Cobley and all.

bob October 6, 2009 7:13 AM

@moo: It isnt funny. Every UK citizen’s entire gross income from Jan 1 thru Jan 7 of 2008 was probably consumed in developing this thing. And their entire before tax income from the rest of this week is going to go into “recrimination theatre” while the guilty play CYA and a department that had nothing to do with the failure [and therefore does not have its defences up] gets decimated. And then all income from next Jan 1 – Jan 14 [have to do a better job this time – more money] will go into writing something different that’s longer, more disjointed, less useful but tracked much better, meanwhile, back at justice league headquarters, an unrelated department leaks sensitive information from 34,001,312 UK citizens because no actually meaningful security changes took place.

@Аnonymous: – so everyone in the entire world EXCEPT people in the UK [who paid for it and are the ones most affected by it] are allowed to read this. Brilliant – that’s like the signs we have on buildings here in the US saying “people who obey laws are NOT allowed to bring guns on this property” thereby leaving a clear field available for people who do NOT obey laws; which are the only people we needed kept out in the first place. OR when they bring a “terrorist” to court [granted this has happened so few times as to defy drawing patterns] and the government states that the evidence is classified so the defendant is not allowed to see it. WTF? It seems to me either A) the defendant is guilty in which case he already knows what he did so keeping it secret is stupid OR B) the defendant is innocent in which case the information is wrong so keeping it secret is stupid. Either way, there’s no point in keeping it classified.

Especially when innocent citizens are being harmed by their government(s) in the process of trying to protect innocent citizens from harm by outside parties. Hell, at least when an outside party attacks you its at their own expense not yours!

“Waste not; get your budget cut next year” – the motto of western government.

Bob October 6, 2009 8:42 AM

Perhaps we should all print a copy and hand it in to our local police station, explaining that we found it on the internet? 😉

karrde October 6, 2009 9:06 AM


I am under the impression that the hash is published to allow users to distinguish between this version and any edited, re-released version.

At least, that’s the usage I see elsewhere (download sites whih distribute ISO images of a Linux install publish hashes; that is the only set of reasons that make sense).

Not that edits of PDF’s are as easy as edits of other document formats…but it’s one way to check the document at hand.

-ac- October 6, 2009 9:27 AM

Perhaps some enterprising soul has put it on a P2P site so that it is copied to thousands of UK PCs…

Or sent copies to unsecured networked printers.

In the meantime, a lot of people may benefit from essentially a “best practice guide” on security.

Peter E Retep October 6, 2009 1:00 PM

Validations of two points:
Security by procedural secrecy alone is not secure.

Secrecy, like Censorship, does not work
but functions like a lie –
not to prevent knowledge,

but only delays to an uncontrolled degree who knows what, when.

It makes a poor policy for primary reliance, as it is mostly temporary and tactical and rarely strategic.

Shane October 6, 2009 4:23 PM


What you’re missing is that if a particular site is linking to documents hosted on other servers (ie – mirrored content), the hash is published to let users know that the document they downloaded from a server *other than the one displaying the page they are looking at, is (with a fair degree of certainty) the same document.

Vicki October 6, 2009 6:40 PM


There are major problems with keeping “evidence” secret from the defendant–most important, that it’s difficult if not impossible to refute arguments you aren’t told about. But the security argument here isn’t that the defendant will find out that they snuck into the palace on the 3rd of October, or stole so much plastic explosive: it’s that the defendant will find out that the CIA bugged a specific safe house, or heard about the theft from a specific informer or double agent. And that “the CIA knows we did X” is meaningful information distinct from “we did X,” and could be useful to any of the defendants comrades-in-arms who are still out there and trying to plan future attacks or defenses.

Nostromo October 7, 2009 12:19 AM

@Nik and others:

Copyright applies to people in almost all developed-country jurisdictions, not just the UK. The fact that it’s “Crown Copyright” does not mean that everybody outside the UK is legally free to copy it. Why did you think it might?

Clive Robinson October 7, 2009 5:48 AM

I’m reminded of the old joke about “The rules of the house” that used o float around the web.

Where rule #1 was,

If any man finds out the rules or guesses one, then the effected rules are immediatly changed.

Most of what is contained in restricted documents is usually from open sources and is of little interest over and above those sources (other than it might be an agrigate). It’s generaly just used as a “just in case” catch all.

I suspect that like many documents of it’s ilk it is mainly a mixture of common sense and lessons from past experiance.

At a couple of thousand pages it is not something that most people with access to it are going to read from cover to cover if at all, unless they are going to be tested on it.

Gunnar K. A. Njalsson April 4, 2010 9:57 AM

I am not going to take a stance on the quality of the document or its sources. I have only read bits and pieces and that obviously does not give enough info to make a quality statement. However, as a corporate leader and professional working with cutting-edge research and info, I can tell you that this is not an “overreaction” on the part of the MoD (or any ministry or serious firm for that matter).

What many companies and even government bodies fail to realize is that “investigative journalists” (even the few who are actually seriously accredited) will often have an agenda of some sort.

If you’re lucky, that agenda may just be an irritating political slant or an attempt to discredit someone on the “wrong” side of the political spectrum. If you are not so lucky, that “journalist” may indeed be tidying things up and getting info for a domestic or foreign competitor. Chinese hacking and virus insertion has been a constant plague in our field, and I am not referring to a once-a-month phenomenon.

And even large technology corporations from Europe are not above trying to milk innovative smaller enterprises for trade secrets!

I fully support the efforts of the MoD and any responsible government ministry or enterprise to ensure that valuable strategic information and trade secrets are not pilfered off by the unscrupulous. Obviously, the MoD still has a considerable learning curve ahead of them.

EMS May 3, 2010 12:33 PM

Hi Giggles!

You have no Defense security telecommunications sec as undermined by Malcolm Tombs UK

Tombs has accessed your Defense communications systems for personal use, has accessed the RF spectrum/ Constellation class satellites for XT {transmission of UK defense op methods out of UK}.

Tombs has given the public your operational methods of info gathering by use RDD,s. for EW/ EA/ RI/ EMP; DW/ IW/ RW, Not limited to HCT/ BCI; A.I.

How is it your defense is undermined by Malcolm and Keith {S Parker}?

You cant be too secure if Tombs gives out use RDD,s for DEWINT {Interception electronic/ oral/ written communications} Names of providers used for parallel processing, Orbit information of Skynet 4/ 5 group!

bot joy May 3, 2010 12:36 PM

UK exports wireless acts terrorism at global public expense. You think anyone cares about what you say or defense?

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.