Classified data on president's helicopter leaked via P2P, found on Iranian computer
The information about Marine One apparently leaked last summer
Computerworld - Classified information about the communications, navigation and management electronics on Marine One, the helicopter now used by President Barack Obama, were reportedly discovered in a publicly available shared folder on a computer in Tehran, Iran, after apparently being accidentally leaked over a peer-to-peer file-sharing network last summer.
The classified file appears to have been leaked from a computer belonging to a Bethesda, Md., military contractor and was discovered Thursday by Tiversa Inc., a Cranberry Township, Pa.-based P2P monitoring services provider. P2P networks are widely used to share music, video and data files over the Internet.
The Iranian IP address at which the file was found belongs to an "information concentrator" -- someone who searches P2P networks for sensitive information, said Chris Gormley, chief operating officer at Tiversa. The location where the file was found included several other documents with classified and sensitive military information that were also leaked over file-sharing networks, Gormley said. He did not disclose what the other documents were.
According to Gormley, Tiversa first found information about Marine One's avionics floating around on file-sharing networks last summer and notified the contractor and the authorities about the discovery. Last week's search shows that copies of the document are still available on P2P networks to anyone who knows how to look for it, he said.
This is not the first time that highly classified and sensitive information has been discovered on P2P networks. In July 2007, members of a congressional subcommittee heard from a panel of security experts, including executives at Tiversa, about how they had found millions of classified documents on file-sharing networks. Among the examples cited were a diagram of the Pentagon's secret backbone network infrastructure, complete with IP addresses and password-change scripts; contractor data on radio frequency manipulation used to defeat improvised explosive devices in Iraq; physical terrorism threat assessments for three major U.S cities; and information on five Department of Defense information security systems audits.
Barely a month ago, a professor of operations management at Dartmouth College's Tuck School of Business released a report showing how large amounts of sensitive patient health care data was available on P2P networks after being accidentally leaked by health care providers, physicians and business associates. The data discovered as part of the Dartmouth study included a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory. Also unearthed were more than 350MB of sensitive patient data for a group of anesthesiologists, and a spreadsheet with 82 fields of information on more than 20,000 patients belonging to a health system.
According to Gormley, Tiversa has also been able to find 120,000 tax records belonging to individuals in New York.
Corporations are not immune, either. In June 2007, personal data on about 17,000 Pfizer Inc. workers was exposed by an employee who installed unauthorized file-sharing software on a company laptop containing that data. And just last year, an Alexandria, Va.-based investment firm, Wagner Resource Corp., had to notify about 2,000 clients -- including U.S. Supreme Court Justice Stephen Breyer -- about the exposure of their names, Social Security numbers and birth dates on a P2P network after an employee downloaded file-sharing software on a company laptop.
Such disclosures point to the continuing risk companies face from P2P file-sharing, according to security experts. Normally, popular P2P clients -- such as Kazaa, LimeWire, BearShare, Morpheus and FastTrack -- let users download files and share items from a particular folder. But if proper care isn't taken to control the access these clients have on a system, it is easy to expose data unintentionally.
Companies need to take measures to protect against such risks, said Avivah Litan, an analyst at Gartner Inc. Among the measures she recommends are the use of file encryption technologies to protect sensitive files, data loss prevention tools to block leakage of data over corporate networks, and the use of intrusion-detection and network behavioral analysis products to detect P2P file-sharing. Companies also need to block the installation of P2P software on client systems and block P2P traffic at the gateway, she said.
A lot of what Tiversa has found on P2P networks has been "pretty outrageous" and underscores the need for better controls, Litan said, The Marine One avionics information "is just an example" she said. "It basically drives home the point that companies cannot forget about P2P."
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!