Data about presidential helicopter leaked via P2P

Computerworld - A company that monitors peer-to-peer networks said it found classified information about the systems used onboard the U.S. president's helicopter in a shared folder on a computer in Iran, after a file containing the data was accidentally leaked on a peer-to-peer network last summer.

The file appears to have come from a computer belonging to a Bethesda, Md.-based military contractor, according to Tiversa Inc., which said it discovered the classified material on the Iranian system on Feb. 26.

Chris Gormley, Tiversa's chief operating officer, said the IP address of the system in Iran belongs to an "information concentrator" -- someone who searches P2P networks for sensitive data.

According to Gormley, Tiversa first found the data about Marine One's communications, navigation and flight management systems on file-sharing networks last summer. The company notified the defense contractor and law enforcement authorities back then, he said. But, he added, the finding in Iran shows that the information is still available online.

There are numerous other examples of sensitive data leaking onto P2P networks. In 2007, for instance, security researchers told federal lawmakers that they had found millions of classified documents, including a diagram of the Pentagon's secret backbone network infrastructure, complete with IP addresses and password-change scripts.

That same year, the personal data of 17,000 workers at Pfizer Inc. was exposed after an employee installed file-sharing software on a company-owned laptop.

Gartner Inc. analyst Avivah Litan said IT managers should take measures such as encrypting files, preventing P2P software from being installed on PCs and blocking P2P traffic at network gateways. The availability of the Marine One data "drives home the point," Litan said, "that companies cannot forget about P2P."

This version of this story originally appeared in Computerworld's print edition.