Classified U.S. military info, corporate data available over P2P
Inadvertent data leakage worse than thought, experts tell Congress
Computerworld - Millions of documents, both governmental and private, containing sensitive and sometimes classified information, are floating about freely on file-sharing networks after being inadvertently exposed by individuals downloading peer-to-peer (P2P) software on systems that held the data, members of a House committee were told yesterday.
The documents exposed included the Pentagon's entire secret backbone network infrastructure diagram, complete with IP addresses and password change scripts; contractor data on radio frequency manipulation to beat improvised explosive devices (IED) in Iraq; physical terrorism threat assessments for three major U.S cities; and information on five separate U.S. Department of Defense information security system audits.
Information about the breach came during a hearing on inadvertent file sharing over P2P networks held by the House Committee on Oversight and Government Reform chaired by Rep. Henry Waxman, (D-Calif.). One of those testifying was retired Gen. Wesley Clark, who is currently a board member of Tiversa Inc., a company that sells P2P network monitoring services to government agencies and private-sector companies.
Clark described how "in a matter of hours" he was able to lay hands on over 200 documents containing classified and secret government data from P2P networks using Tiversa's search engine. He came across the documents while preparing for the hearing.
Some of the data appears to have come from the system of a contract worker at the Pentagon who installed P2P software on her computer, Clark said. The data included everything from Iraq status reports to a list of soldiers with their Social Security numbers. "They are the complete documents. They are not faxed copies. They are not smudged. They are as fresh as if they were printed off the computer" of the organization they came from," he said.
"There's all kind of data leaking out inadvertently," Clark told the committee, noting that the documents he cited were "simply what we found when we put the straw in the water. The American people would be outraged if they are aware of what is being inadvertently being disclosed on P2P networks."
It's not just government data that is leaking out; so is a lot of sensitive corporate information, said Robert Boback, the CEO at Tiversa who also testified at the hearing. In written testimony, Boback listed several examples of corporate information that Tiversa was able to pull from P2P networks. It found, for instance, the board minutes of one of the world's largest financial services organizations, the entire foreign exchange trading backbone of a financial company and a comprehensive launch plan -- complete with growth targets -- of yet another financial company that was diversifying into a new region. Other corporate documents retrieved from P2P networks included press releases not yet issued, patent information, business contracts and nondisclosure agreements.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts