For those wondering about the state of America's cybersecurity, consider the latest item: Tiversa, a Pennsylvania security company, recently discovered that highly sensitive data had leaked from a defense contractor onto public peer-to-peer networks. Among the files leaked was one containing detailed information about President Obama's helicopter, Marine One. "We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter," Tiversa CEO Bob Boback said in an interview with NBC's local affiliate in Pittsburgh, WPXI. "What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One."
In addition to the technical information, the files from the defense contractor included a variety of financial information with potential intelligence uses, including costs related to transporting the president from the White House to various locations in the D.C. area, including Andrews Air Force Base and Camp David.
P2P Program Defaults
The preliminary results of the investigation into the incident suggests the breach was unintentional. An employee at the defense contractor reportedly installed a peer-to-peer sharing program and forgot to turn off the program's default sharing.
Most P2P clients are set up to automatically share common folders such as "My Music" or "My Documents"; some even go so far as to "share" an entire hard drive. Unfortunately, in this case, the hard drive in question contained a variety of classified files.
Retired Air Force General (and former presidential candidate) Wesley Clark, a consultant with Tiversa, told WPXI that any threat had been contained. "We found where this information came from," he said. "We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went."
Oh, Really?
Clark's confidence may be misplaced, given the fact that the IP address at which Tiversa first found the Marine One file was located in Tehran, Iran.
Boback noted that a number of countries actively scan peer-to-peer networks for sensitive information, including Pakistan, Yemen, Qatar and China. "They are actively searching for information that is disclosed in this fashion," Boback told the television station, "because it is a great source of intelligence."
The incident has already caught the attention of Congress and may lead to inquiries into computer-security procedures at sensitive installations. Among the questions that need to be answered: How was it possible for P2P software to be installed on a computer with such sensitive information? What training, if any, was conducted to educate employees about potential security breaches using P2P software? And why was P2P traffic allowed at all on the contractor's network? (source: Sci-tech Today)
No comments:
Post a Comment