Confidential Chicago terrorist threat assessment leaked over P2P
The study was done in '02 by consulting firm Booz Allen Hamilton
Computerworld - Officials at consulting firm Booz Allen Hamilton Inc. are looking into how a Fox News reporter acquired a confidential terrorist threat assessment on Chicago over a public file-sharing network.
Larry Yellen, an investigative reporter with WFLD Fox News in Chicago, on Tuesday reported that he recently used a peer-to-peer (P2P) program called LimeWire to obtain the Booz Allen document. The firm authored the document in 2002.
George Farrar, a spokesman for Booz Allen, today confirmed the incident and said the document was commissioned by the Federal Transit Administration (FTA) five years ago. It was one of 35 threat assessments of the nation's bus and rail systems that Booz Allen was commissioned to do by the agency.
"Essentially, yes, those were Booz Allen documents that were available on the Internet via a peer-to-peer file-sharing system," Farrar said. "What we don't know is from what system those documents made their way to the Internet."
Farrar said that after Booz Allen completed the threat assessment, it made the document available to numerous federal, state and private-sector entities and first responders as required under its contract with the FTA. It was then the responsibility of those entities to protect the documents, Farrar said.
"We investigated internally and didn't find the document on our computers," Farrar said. He also noted that employees at Booz Allen cannot connect to file-sharing networks at work. "We are continuing to investigate. We can't say definitely one way or the other," who the source of the leaked document was. But he said it is possible that the document was leaked from a computer belonging to one of the entities that got the report.
"We don't know what controls were put in place after the document left our hands. So far, we haven't been able to find evidence that it was from our computers," he said.
The Booz Allen incident again highlights what some analysts say is a growing problem: the easy availability of all sorts of government, personal and confidential information on P2P networks.
The situation is the result of information being leaked onto these networks by individuals who fail to take precautions for securing their computers during P2P sessions. Popular P2P clients such as Kazaa, LimeWire, BearShare, Morpheus and FastTrack are designed to let users quickly download and share music and video files. Normally, such clients allow users to download files to -- and share items from -- a particular folder on their system with other users on the network. But if the access these P2P clients have on a system is not controlled, it is easy to expose and share personal data with all other users on a file-sharing network.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts