Obama Helicopter Security Breached By File Sharing
Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"
Well... (Score:5, Funny)
So where's the torrent?
This person is screwed, and should be. (Score:5, Insightful)
Hell....lose his/her job?
If they're lucky that will be all they lose. When you're doing DoD work for the Feds....you sign some pretty heavy forms about your responsibilities and the ramifications if you break them....accident or not.
If this asshole did this with what I would have to guess was secure information....putting these plans on a non-secure computer, that alone can get you some heavy legal problems, and possibly jail time.
Re:This person is screwed, and should be. (Score:4, Insightful)
I have to agree with this. What happened to established security protocol?
It sounds like, if anything, someone transferred the data to a non-secure machine.
What sounds a LOT more plausible is that this is all an attempt to further demonize P2P. And, I say this with my tinfoil hat still on the hat rack.
The source alone brought up green nasties for me. MSNBC?
Re: (Score:3, Insightful)
And these could also be fake plans, just like the French did with the Concorde. The French leaked fake plans of the Concorde to the Russians. The Russians built it to spec in secret, and the Russian Concorde crashed the first day it ever flew (in its first test flight). Now just imagine, now that those helicopter plans are out there, every dictator or prime minis
Re:Insecure systems (Score:5, Informative)
You apparently have no clue how DOD classified networks work, such as SIPRnet [wikipedia.org] or JWICS [wikipedia.org]. Anything classified has no connection to the unclassified internet. The SIPRnet and JWICS systems pass through a KG-175 [jproc.ca], which in turn encrypts the traffic, to go through the normal network. If, for example, a Windows SIPRnet or JWICS system gets compromised with spyware, the only ones who could touch these systems are people on the SIPRnet or JWICS. Just because the machine is compromised doesn't make the computer decide to send unencrypted data or open holes in the network, since any traffic leaving the network has to go through the KG-175. Now if some idiot user decides to connect a classified system to a network, that's a much bigger issue that they call data spillage.
Any computer not classified is essentially on the NIPRnet (or unclassified network), but the only data that is allowed on it is up to sensitive information such as SSNs, random forms, and TPS reports. Even flight schedules are not supposed to be on NIPRnet.
Re: (Score:3, Funny)
Source ?
It's Windows, you're not allowed to see the source.
Re:OH ..Well... (Score:5, Funny)
Who Cares ????...... i don't...
If the Rebels have obtained a complete technical readout of this helicopter it is possible, however unlikely, that they might find a weakness, and exploit it.
Does the helicopter have a long trench leading up to a ventilation shaft?
Re:OH ..Well... (Score:4, Funny)
And now you will witness the power of this fully operational helicopter!
Re:OH ..Well... (Score:4, Informative)
It's a custom helicopter (just like Air Force One is a custom plane). You could for example get some sort of unique radar response from the plane, telling you the location of the helicopter, or worse, giving you something to program a sidewinder with.
Same goes for Air Force One. If you had the specs of its FoF transceiver you could wait until it's crossing the Atlantic, then launch a rocket towards it which they have no chance to evade.
Basically it would reduce the problem of killing the president of the USA from successfully attacking a wide range of security forces, just to make sure you cover all angles, to the problem of making 1 tiny pinpoint strike. With the blueprints or a location indicator you could execute a pinpoint strike that would involve almost no risk for the perpetrators and would sure as hell kill the president.
Re:OH ..Well... (Score:4, Insightful)
The problem you really seem to have is that somehow you believe your whole country comes to a stop when a president dies. They are just another elected official; the whole idea of commander in chief is crazy. The whole power base should be distributed with clear areas of responsibility and liability, less focus on the president and much more focus on all the other positions, positions which in reality should be held by individuals who have been elected to a position of trust by the people.
The whole idea of random political appointments with only limited oversight is not really all that healthy and is readily abused. At the very least all major positions within the administration should be filled by sitting members from the House of Representatives; you are already paying them enough, why employ additional political hangers-on.
All decisions by the administration should be subject to continual review by the supposedly 'representative' houses and in reality should reflect the views of many people rather than just one. You are not electing a king or queen, and in many countries the 'president' is just a figurehead whose power is basically limited to ensuring that the rest of government sticks to the legislated rules.
So losing a president should basically be just a 'whoops', replace them with another and the system keeps ticking along fine; where one person can have such a profound influence over everybody else's lives even for just eight years is really wrong and people will suffer for it, as the recent past has clearly demonstrated.
Cue the Hysteria... (Score:4, Insightful)
Gee. That's a nice balanced summary, ahead of the histrionic response of "OMG file sharers are breaching national security!"
Re: (Score:3, Insightful)
My question is more like, who the hell is still using that sort of old-and-busted P2P software (bearshare, kazaa, etc) that does autosharing of folder contents like that? And really, someone with blueprints and such for Marine One?
Someone tell that guy/gal it's 2009.
Re: (Score:2)
Yea, these people should be more than just fired in my opinion. Ignorance is no excuse for breaking any law; I don't see why breaching national security is any different. Scooter Libby didn't have to serve any jail time, but hopefully the new president takes things more seriously.
Re:Cue the Hysteria... (Score:4, Insightful)
1. the idiot who thought it was OK to install a file sharing program on a work computer
2. the idiot who installed said program, AND had the folder/directory containing the sensitive files shared out.
3. the idiot admins who allowed him to install said program
4. the idiot admins who allowed that traffic over the network
5. the idiot admins who allowed those ports open
6. people who think that 'anything but Windows' is automatically secure.
On any other OS, this idiot would have done exactly the same thing, simply because he is an idiot.
Re:Cue the Hysteria... (Score:5, Insightful)
.. but most importantly:
1. the idiots that believed the story. :rolleyes:
Re: (Score:3, Informative)
AKA #3 above.
Re: (Score:2)
indeed, reflex commenting at its worst...
sorry about that...
Re:Cue the Hysteria... (Score:5, Insightful)
And people still die in Volvos. Yes, it may be harder to do so, but the uberidiot will always find a way.
The poster implied that using something other than Windows would have been better. I posit that this particular user would have screwed the pooch no matter what OS they were on. This was not a built-in vulnerability of Windows (of which there are many). This was a built-in vulnerability of being an idiot user.
Re:Cue the Hysteria... (Score:5, Informative)
* we've always been at war with Eastasia, right?
Re:Cue the Hysteria... (Score:4, Informative)
I don't know how long ago you were in military intelligence, but these days people leave their agency and then come back on Monday as a contractor with Booz Allen Hamilton or SAIC. If you haven't already, read Spies for Hire by Tim Shorrock.
Re:Cue the Hysteria... (Score:5, Insightful)
From the article:
"Clark told WPXI that he doesn't know how sensitive this information is, but he said other military information has been found on the Internet in the past and should be monitored more closely."
Nothing in the article said the information was classified, so it looks to me like it's kind of a "mountain out of a molehill" kind of thing - there's plenty of information about military hardware out there that looks scary to someone that doesn't know anything about the subject matter, but is strategically/tactically useless just the same. Similar information regarding the VC-25 fleet has been out there for some time, and I don't trust a reporter or employee of a peer-to-peer company to be able to evaluate whether something contains full documentation of "entire blueprints and avionics package for Marine One".
I worked for several years for a Navy contractor in their submarine combat systems department. Anything, *anything* that was classified was A.) kept in an area with physical access controls (often including unfriendly guys with guns), B.) if available electronically, was on a separate network physically inaccessible from outside that controlled area, and C.) if anything had to go outside that controlled area (software updates for the boats, for instance), there was a two-man protocol to be followed, with one of our guys and one of the Navy guys in custody 24x7 of whatever media had classified data on it. Even assuming the article is correct and there was truly useful information made available, the problem isn't that file-sharing is bad, or that Windows is insecure - the problem is that both the contractor and the agency they serve had lapses in their security protocol that would let such information anywhere near a non-secured network, and the appropriate security audits weren't taking place.
Re: (Score:3, Interesting)
>>>why are the idiots storing their sensitive information in a WINDOWS MACHINE!?
Uh, most defense contractors use Windows machines connected to a Windows network. I could go into work right now and by sorting through the publicly-shared Q: drive, find all kinds of schematics and information. Probably most of it I'm not supposed to know, and yet it's there for every engineer/technician to read.
Then if I did something stupid, like load Kazaa and point it to the Q: drive, boom, instant sharing with t
Re:Cue the Hysteria... (Score:5, Insightful)
There's even more profit in REPLACING the now 'breached' current presidential helicopter fleet over these blueprints.
Don't even think that this has primary IT implications.
This is more about giving the politicians cover to continue the cost overruns.
Marine One Upgrade Plan Stirs Debate [kdka.com]
A helicopter (one) that costs as much as (one) Boeing 747!
Wow...
Re: (Score:3, Funny)
Yes, this is absolutely a lobbying ploy. How the hell do they know "exactly which computer the information came from" unless they had direct access to the defense contractor's computers?
It was pretty easy. The first 15 computers we walked up to said "Press CTRL+ALT+DEL to login". The 16th computer was already logged in as "DEFCONTR\administrator" and had the Kazaa icon in the systray.
Re:Cue the Hysteria... (Score:5, Insightful)
I don't think there's anything unfair about the summary. P2P applications are a security risk, and I know I don't allow my users to install them on their work computers.
Let me put it this way: Any time you're setting a computer up to be a server on the Internet, it's always a security risk. There are risks associated with bugs and things like that, but also (and perhaps more importantly) there are risks associated with misconfiguration. This is very relevant for P2P applications, which might come configured by default to share files that you don't want to share.
So yes, if people with high security clearances are installing Kazaa on their work computers and sharing out all their documents, then "OMG file sharers are breaching national security!"
Re: (Score:3, Insightful)
Yes every time you do anything actually there is risk. Walk out on the sidewalk? Risk. Light a fire? Risk. Put a computer on the internet? Risk.
The problem is that the word 'risk' without anything else is used often by fear mongers to push an agenda. Are all the people that use P2P software to distribute FOSS putting themselves at risk? Yes. But it's ok, it's a known and controlled risk. Just like when I walk out on the sidewalk I know not to run into oncoming traffic.
If you don't qualify what thi
Re: (Score:3, Insightful)
Boring.
The parent helos' (H-3 variants, UH-60) construction is common knowledge and so is how to shoot one down.
Many H-3 variants were shot down during the Viet Nam war and plinking Blackhawks has been proven practical with RPGs (which cannot be jammed or spoofed) since Mogadishu.
Hit the tail rotor, gearbox, or important accessories like the aircrew and you'll have a nice smoking hole without benefit of P2P.
Re: (Score:2)
The general issue of secure documents found to be available on P2P networks is a serious issue, and not even remotely close to being something new. Slashdot has talked about it before, so this is old news.
This particular case is notably non-newsworthy. I mean, seriously, it's a freakin' helicopter. WTF are "the ter'rists" going to get out of looking at its blueprints?
First Terrorist: I've analyzed the blueprints for Obama's helicopter and discovered that if we fire a rocket launcher at it, we could blow it
It's official... (Score:5, Funny)
Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source.
...
'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'
If you use p2p file sharing software to steal music and TV shows - terrorists win.
Re:It's official... (Score:4, Insightful)
Against stupidity the gods themselves contend in vain.
Quite so, but why then did the gods make stupidity?
It is a serious question why God made stupidity if he himself has to contend with it.
The employee responsible is SO toast. (Score:2)
Wow. I wouldn't want to be him / her about now.
Re: (Score:3, Insightful)
employee?? The company should be toast.
Re: (Score:2)
specifically, the network engineer that set up their routers and firewalls should be toasted, medium well on a spit
Re: (Score:2)
No doubt! I work at a large school district, and our machines are locked down tighter than the machines we used in Army intelligence (minus the strong crypto and CAC [wikipedia.org] readers).
Probably because the army realised no one can work properly on a locked-down Windows machine.
Granted if it's only word/email/whatever, then it may work, otherwise, if, you know, people need _real_tools_, _real_programs_, etc, not gonna happen.
Especially if you have to wait for it to be "approved" by the morons at IT.
I know that, if I ever have to hire an IT manager, my first question will be "which browser do you use". Anything that begins with an I, and I'll just say "next!"
Re: (Score:2)
What do you have against iCab?!
Make that a Capital I :P
Re: (Score:2)
you're ignorant of how aircraft are designed. they MUST be and ARE designed on networked CADD / CAE systems. Welcome to the late 20th and early 21st century.
My conspiracy theory - it's a setup. (Score:2)
Getting framed sucks... but what if it's all part of a setup?
Wasn't there some discussion about Obama wanting a new helicopter but "for the good of the nation" "considering today's economy" (nudge nudge, wink wink*) he decided against buying new helicopters.
But now that the security has been breached, well, he just *has* to have a shiny new one, right?
(*What's a few hundred million dollars for a helicopter when we're committing to spending more money than the entire world's GDP, as computed using GAAP standards
Obligatory (Score:5, Funny)
Re: (Score:2)
freenet
Re: (Score:2)
way to fail
Why is this tagged "Windows"? (Score:5, Insightful)
I'm pretty sure that stupid/careless employees can leak sensitive information through P2P on any OS. I'm not aware that any of the OSX/nix installs search any less widely for shared folders than the Windows versions.
Stupidity is definitely OS-independent.
Re: (Score:2)
I'm pretty sure that stupid/careless employees can leak sensitive information through P2P on any OS. I'm not aware that any of the OSX/nix installs search any less widely for shared folders than the Windows versions.
Don't remember any p2p program for Linux that shares the home dir by default, much less the Documents folder (when it is there, anyway). Sharing the Documents folder or the user dir could look reasonable in the Windows world (where you don't have practically everything that matters in that dir), but in *nix it is a big enough security hole to not include that default behaviour in p2p programs.
Stupidity is definitely OS-independent.
Some vulnerabilities make you think that choosing certain OSs could be a symptom of stupidity, specially if you have so very sen
"windows" article tag biased (Score:5, Insightful)
A lot of these P2P apps share your entire home or your entire computer by default when you first install them, it's up to you to go in and shut that stuff off, or at least define a specific folder to share from rather than the default.
Tagging this with "windows" isn't fair - it can affect any other system equally, this isn't a software problem, it's a user or developer issue. For example, I've worked on numerous macs with Limewire installed on them that are sharing all the user's music automatically by default.
Re:"windows" article tag biased (Score:4, Interesting)
I have never known a p2p app to run as "nobody" on Linux. I'm quite the Linux advocate, but this is just plain misleading. It is possible to deliberately set up a separate account to run your p2p apps, but none of the major distros do this for you automatically.
On the other hand, it should be fairly trivial to configure some default selinux or apparmor policies that restrict things like p2p apps and prevent them from accessing your documents without explicit permission. Again, though, I don't know of any distro that does this.
good luck with that! (Score:2)
from TFA: Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again.
And you're going to do WHAT? Stop using defense contractors? Train the entire world on common sense? good luck!
Peer to Peer = Terrorism (Score:2)
Now the government has an excuse to completely ban Peer 2 Peer. I'm sure it's complete bullshit, but it wouldn't be the first time the government lied to us about "terrorism" in order to gain financially and politically.
Topical BS (Score:3, Interesting)
Is it just me, or does this whole thing seem a bit too topical? I can see this meeting taking place at the Tiversa head office.
CEO - "We need to drum up business! What's a good angle to increase our visibility?"
Marketing Droid One - "Evil powers are undermining our National Security© is tried and true, Sir."
Marketing Droid Two - "It's consistently scored highly in all of our focus groups."
CEO - "That was with the last administration! We need an angle for today, people!" (makes slicing hand gesture)
Up and Coming Sycophant - "I know! The helicopter! We can say that someone stole the plans to the President's helicopter!"
CEO - "That might just work. Tie that in to the usual National Security line and send out a press release!"
I want properly configured SELinux (Score:2, Interesting)
There are a few sensitive files in my home directory, such as my private key in ~/.ssh and a few configuration files that contain passwords in clear text. I really don't want these files to be shared inadvertently, yet they are currently treated as ordinary files by SELinux on my Fedora 10 system, so any process running under my account can access these files. Of course I can still relabel the files and change my SELinux policy, but this is beyond the ability of most people. It is a shame that SELin
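Added example, not code from any commenter or from any P2P project: a pre-share audit in Python that walks the folder a P2P client is about to expose and reports the things the comments on default sharing, AppArmor/SELinux confinement and the ~/.ssh post above are worried about: a share root that is the home or Documents folder, private keys, config files holding clear-text credentials, and office/CAD documents. The name and content patterns are the example author's assumptions about what is worth flagging, not an exhaustive list, and the sample tree it builds is constructed data.

```python
"""Pre-share audit for a folder a P2P client is about to expose.

Added example (not from any commenter or P2P project). Patterns are the
example author's assumptions about what is worth flagging before sharing.
"""
from __future__ import annotations

import os
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Filenames that almost always hold key material or credentials.
SECRET_NAME_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"^id_(rsa|dsa|ecdsa|ed25519)$",      # OpenSSH private keys
    r"\.(pem|key|p12|pfx|kdbx)$",          # keys, PKCS#12 bundles, password DBs
    r"^\.(netrc|env|pgpass|htpasswd)$",    # dotfiles that embed passwords
)]

# Extensions that suggest work product rather than the music someone meant to share.
WORK_DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".dwg", ".vsd"}

# Content markers checked in the first 8 KiB of every file not already flagged.
CONTENT_MARKERS = [
    (re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "content looks like a private key"),
    (re.compile(rb"(?i)\b(password|passwd|secret|api[_-]?key)\s*[=:]\s*\S+"),
     "content contains a cleartext credential"),
]

# Share roots that amount to "everything on this machine".
BROAD_ROOT_NAMES = {"documents", "my documents", "desktop", "home"}


@dataclass
class Finding:
    path: str
    reason: str


def _head(path: Path, limit: int = 8192) -> bytes:
    """Read at most `limit` bytes; unreadable files are skipped, not reported."""
    try:
        with path.open("rb") as fh:
            return fh.read(limit)
    except OSError:
        return b""


def audit_share_root(root: Path) -> list[Finding]:
    """Return everything under `root` that should not be on a public share."""
    root = root.resolve()
    findings: list[Finding] = []
    try:
        home = Path.home().resolve()
    except RuntimeError:
        home = None
    if root == home or root.parent == root or root.name.lower() in BROAD_ROOT_NAMES:
        findings.append(Finding(str(root), "share root is a home/Documents/drive root"))
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if any(pat.search(name) for pat in SECRET_NAME_PATTERNS):
                findings.append(Finding(str(p), "filename matches a credential pattern"))
                continue
            if p.suffix.lower() in WORK_DOC_EXTENSIONS:
                findings.append(Finding(str(p), "office/CAD document"))
                continue
            head = _head(p)
            for pattern, reason in CONTENT_MARKERS:
                if pattern.search(head):
                    findings.append(Finding(str(p), reason))
                    break
    return findings


def build_sample_tree(base: Path) -> Path:
    """Construct a fake 'Documents' share for the demo (sample data only)."""
    root = base / "Documents"
    (root / ".ssh").mkdir(parents=True)
    (root / ".ssh" / "id_rsa").write_text(
        "-----BEGIN OPENSSH PRIVATE KEY-----\nnot-a-real-key\n-----END OPENSSH PRIVATE KEY-----\n")
    (root / "notes.txt").write_text("shopping list\npassword=hunter2\n")
    (root / "work").mkdir()
    (root / "work" / "design_notes.pdf").write_bytes(b"%PDF-1.4 placeholder")
    (root / "music").mkdir()
    (root / "music" / "track01.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 64)
    return root


def run_demo() -> dict[str, str]:
    """Audit the sample tree; returns {relative path: reason} for human review."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp)).resolve()
        return {os.path.relpath(f.path, root): f.reason for f in audit_share_root(root)}


if __name__ == "__main__":
    for path, reason in sorted(run_demo().items()):
        print(f"{reason:45s} {path}")
```

The music file passes and everything else is reported, including the share root itself, which is the finding that matters most: a client pointed at Documents will pick up whatever lands there later, so the fix is to share a dedicated folder, not to clean up the current one.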
Re:I want properly configured SELinux (Score:4, Insightful)
I'd like every program I run to be in a sandbox. For example, not having access to a single file without my permission.
It's pretty trivial to attempt this sort of thing with either Windows or any UNIXish OS. If you do, it shouldn't take long to figure out why it's completely impractical.
Re: (Score:2)
Simple end user protocol: Don't put confidential data online. I have several nodes that have no connection, and I don't even have kitty-porn on them. My data is damn near secure on those. Actually I was real annoyed when I was unable to locate a non-wi-fi-ready variant of a motherboard recently. Asus had it in the catalog but none of the retailers seemed to think that anyone might not want to broadcast their shit.
Another Internet FUD post in quick succession (Score:4, Insightful)
Wow. BitTorrent is really freaking the control freaks out isn't it? I guess the Pirate Bay trial must be going worse than they thought....
Outside connected machines (Score:5, Insightful)
Should be *banned* for security areas. If you need 'outside' for a valid reason you provide a dedicated machine for that purpose.
It's pretty simple. That company should be fired, not just the fool that caused the leak.
And I don't care what OS it runs; anything less than the above is plain reckless.
Re:Outside connected machines (Score:4, Insightful)
Should be *banned* for security areas. If you need 'outside' for a valid reason you provide a dedicated machine for that purpose.
It's pretty simple. That company should be fired, not just the fool that caused the leak.
And I don't care what OS it runs; anything less than the above is plain reckless.
They undoubtedly already do the above. I would lay money that this guy "brought work home" on a USB flash drive and put it on his home computer. I do something similar at work. I have 2 machines side by side, one with network access, one isolated with all my development tools on it. I transfer the applications I write to the "live" side with a flash drive. In my case it doesn't matter, because there's nothing sensitive on our network (our IT dept is just full of dickheads who lock down all the networked machines). In this contractor's case, the employee will probably lose his clearance and be canned. DoD security regulations are there for exactly this reason.
So now that they have the plans for Marine One. (Score:2, Funny)
So now that they have the plans for Marine One. They can save bundles in R&D and finally build Ayatollah One.
Couldn't resist. :)
The solution.. (Score:5, Interesting)
None of these ideas are foolproof; someone dumb enough would eventually screw up anyway. But that is not the point. The point is that there are simple engineering steps that can be taken to reduce the amount of inadvertently shared data.
Re: (Score:2)
Do these programs even tell you in any plain manner that they are sharing the contents of the computer? I get the impression that they don't, that you have to know that it defaults to "open kimono mode" (i.e., it shares your entire computer) and specifically turn it off in the settings.
This is why (Score:5, Insightful)
... and this is why you have draconian policies in many companies about installing ANY unapproved software. I've seen people complain about "just let me do my job" and install anything they want, but the fact of the matter is that it only takes one dumb-ass like this to wreak major havoc.
Re: (Score:2)
Actually, I would dare to say it's the people's fault for storing sensitive files in the Documents folder in the first place.
Sensitive data should be read from a network drive only when needed, and there should be a log with who opened it, who saved it and so on, much like a SVN/CVS whatever.
Also, a very important rule that every company should teach programmers and employees is NEVER STORE DOCUMENTS ON THE BOOT PARTITION.
If for some reason Windows goes berserk/crashes/you get infected with a virus, the eas
Re: (Score:2)
Actually, I would dare to say it's the people's fault for storing sensitive files in the Documents folder in the first place.
It doesn't matter where they're stored. If it's accessible, then it's accessible, whether it's on a network drive or a local drive. There's nothing that stops P2P apps from accessing network drives and searching for documents.
Yep (Score:3, Insightful)
Also I've discovered that quite often, the reason people want the ability to install software is precisely because they want shit they know they shouldn't have at work.
I work for a university, so there isn't a hard and fast rule on admin for users. We'd like that nobody has it, because there's less problems, but due to various reasons including academic freedom and research groups owning their own systems, we have to allow it when professors request it.
Now you might assume that the reason a grad student wou
Re: (Score:2)
... and this is why you have draconian policies in many companies about installing ANY unapproved software.
Which is quite a reasonable policy provided it is coupled with a mechanism for rapidly turning around sensible requests for new software, and truly is driven by security considerations rather than control-freakery and the need to secure middle management jobs in the procurement department.
Oh, and also provided it is applied to the Pointy Haired Boss as well as the proles - because (a) they may be the ones doing the dumb-ass things, and (b) if they have to wait 6 months for the software update they need th
Epic career limiting move (Score:3, Funny)
So what's the high/low on this person having a GitMo vacation??
Imagine that?! (Score:2)
People who don't understand what they are doing are also making huge mistakes!
In our consumer-safety world, we blame the manufacturers/publishers of products for when their use results in harm of some kind. We do this with cars, refrigerators, shoes and drugs. Somehow we have yet to address this problem with software... or more precisely, we have EULA'd ourselves out of any recourse on the matter.
People want to share stuff on the P2P (which doesn't always mean bittorrent... it can also mean other protocol
Deliberate. (Score:4, Interesting)
Funny how this should happen so recently after Obama and McCain publicly agreed that the plan to replace the aging Marine One fleet should be cancelled...
http://www.nytimes.com/2009/02/24/us/politics/24chopper.html [nytimes.com]
Re:Deliberate. (Score:5, Interesting)
Here's more. The new Marine One fleet was to be built not by Sikorsky, as has always been the case, but by an Italian manufacturer Finmeccanica. Apparently the bidding and selection process itself was suspect, and pilots objected. This may also be why Obama wants the project reviewed. The article below posits a particular theory about the apparently crooked deal with Finmeccanica, which may or may not be correct, but the facts remain regardless of their interpretation:
http://www.alternet.org/audits/127832/ [alternet.org]
planted fakes? (Score:3, Insightful)
If I worked for US counterintelligence you can bet I would develop and plant fake leaks that sound just like this sort of thing. Then again, I may be giving too much credit. Occam's Razor prevails.
highly sensitive blueprints for Marine One (Score:4, Funny)
Outsourcing the wrong way (Score:2)
I am really astonished by what can call itself a "defense contractor" in the USA. Most other places probably have similar idiocy in place but this is just laughable at best. You entrust a company with the security of your files (let alone the nation) and they can't set up Kazaa so it won't share "C:\Documents and Settings\All Users\National Secrets"? Wow
Nothing to worry about. (Score:4, Funny)
Don't worry, I am sure the Iranian ISP has a three strikes policy and terrorists will soon be cut off the internet.
P2P installed by malware? (Score:3, Interesting)
What security depends on a helicopter's blueprints? (Score:5, Insightful)
What sort of security depends on the secrecy of a helicopter's blueprints? Honestly.
Re:What security depends on a helicopters blueprin (Score:4, Insightful)
Pretty much any kind of security. Keeping the blueprints secret means keeping the capabilities (range, speed, altitude) secret as well as keeping the nature of any active or passive defenses secret.
Now I know the Slashdot hivemind will respond with their usual rote mantra - "but security through obscurity is bad"... But on this, they are completely wrong. (Mostly because their notions of security consist of repeating what they've read by various talking heads.) Security through obscurity, as one layer of an overall security plan, is extremely valuable because the black hats cannot prepare in advance to meet a countermeasure which they are unaware of.
Re: (Score:3, Insightful)
No security measure is 100% reliable - not using a security tool because it isn't completely reliable is stupid.
Yes..File sharing did this.... (Score:3, Insightful)
I am so tired of this sort of sensationalized reporting.
It's all part of an agenda, as I see it, about the "horrors of p2p technologies."
So let me get this straight, (at least, according to the headline).
"File Sharing" actually "breached" Obama's helicopter. How did file sharing accomplish such a feat?
Did file sharing hire some elite spies? Maybe some Mossad agents?
What I think is that a company that manufactures products to snoop on file sharers has a great headline to promote their business.
What the article REALLY amounts to, is that some defense contractor fucked up by not following security procedures.
If he had left them on a table at McDonalds the outcome could have been the same.
Hurray for plans! (Score:2)
Amazing... (Score:4, Funny)
You guys are slipping...
Re:takes 2 to tango (Score:5, Interesting)
Nope. Everyone is assuming this is a torrent because it is the most popular form of file sharing. Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.
Many confidential files have been leaked this way. http://www.eweek.com/c/a/Security/Citigroup-Customer-Data-Leaked-on-LimeWire/
There used to even be guides to tell you what were common digital camera prefixes so you could do a search for CIM*.jpg or DSC*.jpg and browse people's private folders.
If you were a company or nation involved in espionage, getting on a p2p network and searching for files with obvious names would be a good place to start.
http://bizsecurity.about.com/b/2008/07/08/limewire-and-working-at-home.htm
It isn't just LimeWire of course, that's just the first one I could remember from years ago. There's also eMule and many others.
In addition to firing the person responsible, the entire IT staff should be reviewed if not fired. My guess though is that this is some CEO who specifically told IT that he was exempt from the security rules. C*Os are the biggest security risk because they tell people that the security rules don't apply to them. Remember that CDW? commercial about the boss who infects an entire office because he lets his kid use the company network?
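The name search the post above describes (CIM*.jpg, DSC*.jpg, obvious document names) turned into an audit you can run against a folder before any client is allowed to share it. This is an added example, not code from the post or from any P2P client; the pattern lists, the sample file names and the function names are assumptions.

```python
"""Audit what a folder would expose if a P2P client indexed and shared it.

Added example, not code from the original post. It runs the kind of
name search the post describes (camera prefixes such as CIM* and DSC*,
plus document names that look sensitive) over a constructed directory
tree. The pattern lists and the sample file names are assumptions.
"""
from __future__ import annotations

import fnmatch
import os
import tempfile

# What an opportunistic searcher on a P2P network would try (assumed lists,
# matched case-insensitively against file names only, never contents).
CAMERA_PATTERNS = ("cim*.jpg", "dsc*.jpg", "img_*.jpg")
DOCUMENT_EXTS = (".doc", ".docx", ".xls", ".xlsx", ".pdf", ".dwg", ".vsd")
SENSITIVE_WORDS = ("confidential", "secret", "blueprint", "avionics",
                   "password", "tax", "ssn")


def classify(name: str) -> str | None:
    """Classify a single file name; None means nothing a name search would flag."""
    low = name.lower()
    if any(fnmatch.fnmatch(low, p) for p in CAMERA_PATTERNS):
        return "camera photo"
    stem, ext = os.path.splitext(low)
    if ext in DOCUMENT_EXTS:
        if any(w in stem for w in SENSITIVE_WORDS):
            return "sensitive document"
        return "document"
    return None


def audit_share(root: str) -> dict[str, list[str]]:
    """Walk root the way a client indexes it; return flagged relative paths by class."""
    findings: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            kind = classify(fn)
            if kind is not None:
                rel = os.path.relpath(os.path.join(dirpath, fn), root)
                findings.setdefault(kind, []).append(rel.replace(os.sep, "/"))
    return findings


def search_like_adversary(root: str, pattern: str) -> list[str]:
    """The network-side search itself: a case-insensitive glob over indexed names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fnmatch.fnmatch(fn.lower(), pattern.lower()):
                rel = os.path.relpath(os.path.join(dirpath, fn), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_share() -> str:
    """Constructed stand-in for a Documents folder; file contents are placeholders."""
    root = tempfile.mkdtemp(prefix="share_")
    layout = {
        "Music/track01.mp3": b"",
        "Pictures/DSC_0042.jpg": b"",
        "Pictures/CIMG1234.JPG": b"",
        "Work/marine_one_avionics_blueprint.pdf": b"%PDF",
        "Work/meeting notes.docx": b"PK",
        "Personal/2008 tax return.xlsx": b"PK",
    }
    for rel, content in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for kind, paths in sorted(audit_share(share).items()):
        print(f"{kind}:")
        for p in paths:
            print(f"  {p}")
    print("adversary search CIM*.jpg ->", search_like_adversary(share, "CIM*.jpg"))
```

Point the audit at the folder a client would share (by default the whole Documents tree, per the post) rather than at the files you think are in it; the point of the exercise is that the indexer does not care what you think is there.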
Re: (Score:2)
Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.
'Nuff said.
Shouldn't sensitive data be protected or something? I mean, why does he even have the right to have access to the internet at the same time as the right to install arbitrary applications that can read said data?
Re:takes 2 to tango (Score:5, Insightful)
Uh, data like this shouldn't even be on a computer with a physical link to the internet at all. Classified data should stay on classified networks. Period.
I know a guy at a defense contractor. They isolate their networks containing classified data. If they need to remove a file from the room they reimage a desktop with a known safe image, copy the file onto that PC from a CD burned from a classified PC. They then scrub the files with software that does stuff like wipe unallocated space, check for word versions, PDF comments, etc. Then that desktop is used to burn a new CD with just the intended files. Then they securely wipe the desktop. That one CD that was created in this fashion is then allowed to leave the room. Note that this is the gist of how it works - some details may be less than accurate (obviously I'm not privy to the exact procedures, but this is the general level of rigor involved).
Even if somebody installed Kazaa or its like on one of the computers in that room it wouldn't be able to leak data - there are no network connections that are attached to the internet. If somebody needs to check email or browse the web they leave the room (carrying nothing with them) and go to another desk in a regular office area, which has a fairly secure network but something more akin to what you'd find in any decently secured corporate network. Of course, installing Kazaa in the first place would be difficult since you're not supposed to carry anything into or out of the classified areas - I don't know if they get searched at the door but you would certainly be fired and potentially prosecuted if you were caught doing it intentionally.
Important datacenters like those found in stock exchanges / etc are similar. The datacenter is secured, network access is very carefully controlled, and to do anything important you need to have physical access to a room with cameras pointed everywhere and every task involves two people at the keyboard at all times.
There is no excuse for these kinds of breaches. Strong security isn't actually hard. It is certainly expensive, and it is certainly inconvenient. However, it really isn't hard - you just need to be methodical.
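The scrub step in the procedure described above (check for Word revisions, PDF comments and document properties before the file leaves the room), as an added example that is not the contractor's tooling or anything from the original thread. It inspects a PDF's Info dictionary and text annotations, and a DOCX's core properties, comments part and tracked-change marks; the property lists, the in-memory sample files and the function names are assumptions.

```python
"""Pre-release document check: flag hidden metadata in PDF and DOCX files.

Added example (not from the original thread). It models one step of the
sanitisation described above: before a file leaves the classified room,
look for document properties (author, title, producer), comment
annotations and Word revision marks that would leak more than the
intended content. Sample files are constructed in memory.
"""
from __future__ import annotations

import io
import re
import zipfile

# Hypothetical release policy: these PDF Info keys and DOCX core properties
# must be empty, and no comments or tracked changes may remain.
PDF_INFO_KEYS = (b"/Author", b"/Creator", b"/Producer", b"/Title", b"/Subject", b"/Keywords")
DOCX_CORE_TAGS = ("dc:creator", "cp:lastModifiedBy", "dc:title", "dc:description", "cp:revision")


def pdf_metadata_findings(data: bytes) -> list[str]:
    """Return non-empty Info entries and comment annotations found in a PDF byte string."""
    findings = []
    for key in PDF_INFO_KEYS:
        # Matches "/Author (Some Name)" literal strings; hex strings are not handled here.
        for m in re.finditer(re.escape(key) + rb"\s*\((.*?)\)", data, re.S):
            value = m.group(1).strip()
            if value:
                findings.append(f"pdf {key.decode()[1:]}={value.decode(errors='replace')}")
    # /Subtype /Text is a sticky-note comment annotation.
    if re.search(rb"/Subtype\s*/Text\b", data):
        findings.append("pdf comment annotation present")
    return findings


def docx_metadata_findings(data: bytes) -> list[str]:
    """Return core properties, comments and tracked changes found in a DOCX byte string."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "docProps/core.xml" in names:
            core = zf.read("docProps/core.xml").decode("utf-8", errors="replace")
            for tag in DOCX_CORE_TAGS:
                m = re.search(rf"<{tag}[^>]*>(.*?)</{tag}>", core, re.S)
                if m and m.group(1).strip():
                    findings.append(f"docx {tag}={m.group(1).strip()}")
        if "word/comments.xml" in names:
            findings.append("docx comments.xml present")
        if "word/document.xml" in names:
            body = zf.read("word/document.xml").decode("utf-8", errors="replace")
            # <w:ins>/<w:del> are tracked-change marks: "deleted" text is still in the file.
            if re.search(r"<w:(ins|del)\b", body):
                findings.append("docx tracked changes present")
    return findings


def release_ok(name: str, data: bytes) -> tuple[bool, list[str]]:
    """True only when no findings; unknown formats are blocked for manual review."""
    if data.startswith(b"%PDF"):
        f = pdf_metadata_findings(data)
    elif data.startswith(b"PK"):
        f = docx_metadata_findings(data)
    else:
        f = [f"{name}: unknown format, manual review required"]
    return (not f, f)


# --- constructed samples (not real documents) ------------------------------

SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Author (J. Engineer) /Producer (Hypothetical Writer 1.0) /Title () >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""


def build_docx(creator: str, tracked: bool) -> bytes:
    """Build a minimal DOCX-like zip with core.xml and document.xml (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml",
                    "<cp:coreProperties><dc:creator>%s</dc:creator>"
                    "<cp:lastModifiedBy></cp:lastModifiedBy></cp:coreProperties>" % creator)
        para = "<w:p><w:r><w:t>Rotor assembly</w:t></w:r>"
        if tracked:
            para += "<w:del><w:r><w:delText>removed paragraph</w:delText></w:r></w:del>"
        para += "</w:p>"
        zf.writestr("word/document.xml", "<w:document><w:body>%s</w:body></w:document>" % para)
    return buf.getvalue()


if __name__ == "__main__":
    for name, data in [("plans.pdf", SAMPLE_PDF),
                       ("notes.docx", build_docx("j.engineer", True)),
                       ("clean.docx", build_docx("", False))]:
        ok, findings = release_ok(name, data)
        print(name, "RELEASE OK" if ok else "BLOCKED", findings)
```

This covers only the document-format half of the scrub; the free-space wipe of the transfer machine the post mentions is a disk-level step and a separate tool. Note the default: anything the checker cannot parse is blocked, not passed, so a file in an unexpected format gets a human look rather than a free ride.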
Re: (Score:2)
There is no excuse for these kinds of breaches. Strong security isn't actually hard. It is certainly expensive, and it is certainly inconvenient. However, it really isn't hard - you just need to be methodical.
Which is what makes it hard. Information is easily spread. People make mistakes. A security mistake won't crash your computer.
Re: (Score:3, Interesting)
Some things dumbasses have done (Score:2)
Granted this was only an advertising company with no real secrets except personal data:
We noticed strange activity from a subnet in our building, and it turns out that around 6 pm every day, this kid was walking around to as many PCs as he could and firing up Kazaa. Enabled by lazy desktop admins that had given the same password to EVERYONE. Using this one password, of course, could get you into anybody's personal stuff, but that is another issue.
We had a summer college intern who installed Soulseek and Kazaa
Re: (Score:2)
My girlfriend works for Social Services. Budget cuts have prompted Management to assign more caseloads than feasible for each remaining worker, with the direction that these MUST be kept 95% up-to-date. The only people in compliance now are the ones taking their work home. I asked her which files were public records legally allowed out of the office, precipitating an unpleasant interlude. oops. IMHO this should be severely dealt with by statute and enforcement until the idiots can be trained to use a tiny b
Re:President gets a new Marine One (Score:5, Informative)
Really though, it's probably just unrelated coincidence. Most things like this are completely unplanned. Conspiracies require competence, and you just don't find that in government much.
Re: (Score:2)
Re: (Score:2)
Wouldn't the responsible behavior be to inform the FBI or DoD?
According to TFA, they did that first thing. They presumably had permission to do some publicity stunt/press releases with it after the FBI made sure the contractor was shot, his house burned down, his laptop was seized, or whatever it is they do nowadays to people who break security regulations.