Obama Helicopter Security Breached By File Sharing
Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"
What a coincidence! (Score:1, Informative)
What a coincidence that a security breach on the president's current Marine One became known right after he nixed the multi-billion dollar plan to get new ones.
http://www.nytimes.com/2009/02/24/us/politics/24chopper.html?ref=politics
Re:takes 2 to tango (Score:1, Informative)
What you described is how they handle "Top Secret" and sometimes "Secret" data. "Classified" data security is much more open. Pretty much anyone can have Classified data lying around.
My Experience... (Score:1, Informative)
I was on my ship (won't say which one) processing our morning traffic, and we'd recently switched over to using Outlook on the secure LAN. There was an airgap between the SIPR and NIPR side of the house, so there were no worries, or at least there shouldn't have been.
Well, I'm processing the UNCLASS traffic, and what should come into the ship's inbox but an email from an outside email address. I clicked on it, and Norton went berserk, locking it down and freezing it before it could do anything. I forget which virus it was, but this was back in the late '90s.
Since it was safe to look at using notepad, I dug into it and found out the email itself was what we call a "MOVEREP", or ship's movement report. Those are classified, usually confidential. You don't want the enemy to know where you are going to be, after all.
It turns out the captain had carried the moverep home on a floppy (sneakernet ftw) to work on it, and had inserted it into his home machine. BIG no-no. And the machine, which was infected, dutifully grabbed the message and sent it out as a virus-infected file to everyone in the captain's private email list. Based on the TO: field, I'd say there were some 75 people that got a slightly jumbled moverep mixed in with private email and porn, and a serious case of "WTF-itis."
The captain didn't get in too much trouble, since it was later learned that sneakernet editing of movereps was actually quite common in those days. LOTS of work got taken home, and officers were already kind of lax about security. But it still highlighted a serious security risk and that hole was quickly plugged. All the officers got additional training, and ship's captains got private lines installed at home if they needed it.
One of the less painful "lessons learned" I've had the chance to witness.
Re:Cue the Hysteria... (Score:5, Informative)
* we've always been at war with Eastasia, right?
Re:President gets a new Marine One (Score:5, Informative)
Really though, it's probably just unrelated coincidence. Most things like this are completely unplanned. Conspiracies require competence, and you just don't find that in government much.
Re:Cue the Hysteria... (Score:4, Informative)
I don't know how long ago you were in military intelligence, but these days people leave their agency and then come back on Monday as a contractor with Booz Allen Hamilton or SAIC. If you haven't already, read Spies for Hire by Tim Shorrock.
Re:Cue the Hysteria... (Score:3, Informative)
AKA #3 above.
Re:Cue the Hysteria... (Score:3, Informative)
Re:OH ..Well... (Score:4, Informative)
It's a custom helicopter (just like Air Force 1 is a custom plane). You could for example get some sort of unique radar response from the plane, telling you the location of the helicopter, or worse, giving you something to program a sidewinder with.
Same goes for Air Force 1. If you had the specs of its fof transceiver you could wait until it's crossing the Atlantic, then launch a rocket towards it which they have no chance to evade.
Basically it would reduce the problem of killing the president of the USA from successfully attacking a wide range of security forces, just to make sure you cover all angles, to the problem of making 1 tiny pinpoint strike. With the blueprints or a location indicator you could execute a pinpoint strike that would involve almost no risk for the perpetrators and would sure as hell kill the president.
Re:This person is screwed, and should be. (Score:2, Informative)
Having worked on classified projects, I really have to question the story's veracity. Computers with highly classified data are NOT connected to the internet.
My experience was 15 years ago, but I find it hard to believe it would change that much. I remember having to certify that a brand new blank tape didn't have classified data on it, so I could take it out of the building to an unsecured area to get a file emailed from an unclassified contractor.
Hell, we couldn't even bring in a CD player if we ever wanted to take it back out again.
Re:Insecure systems (Score:5, Informative)
You apparently have no clue how DOD classified networks work, such as SIPRnet or JWICS. Anything classified has no connection to the unclassified internet. The SIPRnet and JWICS systems pass through a KG-175, which in turn encrypts the traffic, to go through the normal network. If, for example, a Windows SIPRnet or JWICS system gets compromised with spyware, the only ones who could touch these systems are people on the SIPRnet or JWICS. Just because the machine is compromised doesn't make the computer decide to send unencrypted data or open holes in the network, since any traffic leaving the network has to go through the KG-175. Now if some idiot user decides to connect a classified system to network, that's a much bigger issue that they call data spillage.
Any computer not classified is essentially on the NIPRnet (or unclassified network) for example, but the only data that is allowed on it is up to sensitive information such as SSNs, random forms, and TPS reports. Even flight schedules are not supposed to be on NIPRnet.