Slashdot Mirror


P2P Leaks Surprises

kilian.cavalotti writes "A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella. The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be."

28 of 389 comments

  1. Okay by Corporate+Troll · · Score: 5, Funny

    I don't care what the military shares, but I surely want to see more of her... Redheads.... *drool* ;-)

    1. Re:Okay by stinkyfingers · · Score: 5, Funny

      I smell a new pornsite: www.p2pmilitarywives.com

  2. I think it was said somewhere else... by agraupe · · Score: 4, Insightful

    If you choose to expose security weaknesses, don't take advantage of them. Tell those who can fix it/do something about it, and no one else. What this person is doing will just give other people ideas.

    1. Re:I think it was said somewhere else... by Anonymous Coward · · Score: 5, Informative

      From the 'Why this site exists' section of his site:


      A few months ago, I downloaded some military briefings from the Gnutella Network. The briefings were zipped and the file contained 21 documents with classifications ranging from For Official Use Only to Secret/NO FORN. Shocked at my discovery, I notified an agency on a nearby military installation. When nothing happened, I notified another agency. I continued this course because no action was taken and for a nation at war, I was concerned for the safety of our soldiers.


      So it seems, he DID tell those who can do something about it, and that nothing is getting done.

    2. Re:I think it was said somewhere else... by kid_wonder · · Score: 5, Informative

      Thanks for COTFU (clicking on the f'ing url) where he clearly details how he found documents and immediately contacted the appropriate branches of service and/or military bases.

      They did NOTHING. So he posted self-censored documents to shame them into fixing the problem.

      I have no problem with that.

      --

      "Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
    3. Re:I think it was said somewhere else... by jemenake · · Score: 4, Interesting

      If you choose to expose security weaknesses, don't take advantage of them. Tell those who can fix it/do something about it, and no one else. What this person is doing will just give other people ideas.

      Unfortunately, most people don't take it seriously unless it really happens to them or if they see it happen to someone else like them.

      A great example of this happened at my university about 10 years ago. The campus ran a cluster of unix machines for students to get email, read usenet, compile C programs, run nethack, etc.

      The nerds amongst us were fairly concerned that the admins: 1) didn't keep the passwords in a shadow file, and 2) didn't run Crack on the password file to find weak passwords. I guess the reasons were that: 1) the OS (I think it was AIX at the time) didn't support /etc/shadow, and 2) the admins shuddered at the thought of freezing the accounts of and having to talk scores of users through the process of changing their passwords.

      So... one of the nerds kinda... "settled" the issue for them. He ran Crack on the entire password table and POSTED all of the cracked login/password combos (a couple thousand out of something like 10,000 users, I think) to the local campus newsgroups.

      Of course... this led to only one account being frozen... and you can probably guess whose it was.

      But the campus did start to show a newfound interest in password robustness after that.
  3. my email to Glen by rpdillon · · Score: 5, Insightful

    Glen Breakwater-

    As a former member of our armed forces, and an avid technophile as well as outspoken supporter of freedom in all its forms, I have a question:

    What exactly are you advocating?

    It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining. Do you want to ban P2P services? Do you want to attempt to make yet more copy protection systems? Or are you doing what Michael Moore does and complaining about a situation while having no solution whatsoever?

    As for my view: it is the price of freedom. If you don't want Secret/NOFORN documents distributed on the web, then don't hand them out to people! Make sure the only machines that have them are on SIPRNET and take out the damn floppy and zip disk drives.

    My position: people are stupid, and until we decide to take real measures to protect secret data (i.e. not providing removable media for secret computers), we'll get burned. A nation at war? Yes, I went to Iraq three times in the past three years. But don't blame the soldiers, or the P2P programs. Blame the idiots that make the information available and the idiots who build the computers and set IT policy for the DoD.

    Peer to peer filesharing is NOT a security risk. The lack of a comprehensive security program within our military is a security risk.

    Regards,

    1. Re:my email to Glen by PCM2 · · Score: 5, Insightful

      It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining.

      Um ... as a taxpaying citizen, is it really too much to ask for the military to take care of its own business, when ostensibly the security of our entire nation is at stake? Since when do you or I get to vote on how the military handles its own housekeeping? It's not up to you or me (or Glen) to establish military policy. All we can do is ask that they please address the issue. I think he's done that in a pretty alarmist way -- but he obviously feels like that's what it's going to take.

      "Ban" P2P services on military computers? By all means, if that's what it takes. Establish penalties for soldiers who fail to observe security protocols? Abso-effin-lutely. This ain't a civil liberties issue, people, and we're not talking about dismantling entire technological innovations here or anything -- this is the military. I wholeheartedly agree that, before Congress comes along and pushes through any further legislation blaming the American people for failures of security policy (i.e. the Patriot Act), the people who are really and literally on the front lines of the information security issue need to get their shit together in a big way.

      --
      Breakfast served all day!
    2. Re:my email to Glen by criquet · · Score: 5, Insightful

      Simply because someone raises an issue that concerns them without having a (stated) solution does not constitute complaining nor whining.

      Though I agree with your point that p2p is not the problem.

    3. Re:my email to Glen by kfg · · Score: 5, Funny

      It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining.

      I'll bet your auto mechanic just loves it when you refuse to tell him what's wrong, but tell him how to fix it.

      KFG

    4. Re:my email to Glen by composer777 · · Score: 4, Insightful

      My take on it is that all this talk of security is pretty ridiculous. Your average American belongs to the safest and least threatened group in the entire world. If we cared that much about security we would realize that the first step in creating real security is to provide it to those who need it the most, not those who need it the least. We could start at home, by providing security for those who are most threatened by violence on a daily basis, that is, the poor and the minorities. Ironically, by focusing on increasing their security, we would in fact also be making the world safer for the most secure group, rich whites. Increasing security for the disadvantaged could involve a multi pronged approach:
      1. Create a program of effective affirmative action that would truly provide equal opportunity, as a start, providing such basic things as shelter, healthcare, etc.
      2. Eliminate racist drug laws that needlessly discriminate against the poor.
      3. Eliminate racist police offices that are one of the biggest threats to the urban population.

      Outside our borders, increasing security would involve a similar approach.
      1. Work to raise the standard of living rather than handing over resources to corporations that are only interested in plundering.
      2. Stop shooting and torturing people, which is one of the biggest threats to security of innocent Iraqi people.
      3. Stop giving Israel carte blanche support to murder, round defenseless Palestinians up into concentration camps and bulldoze their homes.
      4. Stop supporting corrupt, undemocratic regimes such as Saudi Arabia, Saddam Hussein's Iraq in the 80's, etc.

      But, we won't take these steps, our government doesn't take these steps because they realize that security isn't that big of an issue. In fact, the War in Iraq has the effect of increasing terrorism and decreasing security, not just for Americans, but also for the people of Iraq. On the other hand, the people of America won't take these steps because we're a bunch of racist cowards that think that we alone have the right to feel safe in our homes, but that black guy in the ghetto, well, he doesn't, and the Iraqis in Abu Ghraib, well, they should have known better. It never occurs to us that increasing security of the poor might be the quickest way to create a safe and secure world for everyone. Nor does it occur to us that it is impossible to have perfect security. For some reason we believe that security is our birthright, and ours alone. I can't think of another group on this planet that has a greater expectation of perfect security than middle class Americans. It's a nice goal, but if we are truly interested in real freedom and equality, then we will realize that security can't be just a thing reserved for privileged American whites.

  4. The Emphasis Should be on Security Issues Not P2P by The+Importance+of · · Score: 5, Insightful

    The problem is that the website author emphasizes that "Technology often outruns legislation. So is the case with Peer 2 Peer networks." He seems to assume that P2P should be legislated against. However, this is a security issue, not an issue specific to P2P systems. Education and other controls should be used to minimize this problem. The military would never let Joe Soldier run a rogue server, why would they let them run any old P2P app on a system with classified information? See, P2P Problem or Security Issue?.

  5. I always thought... by digitalsushi · · Score: 4, Interesting

    I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected. Is there any shade of truth of that *at all* in any branch of our military? It certainly sounds like any casual remark anyone might make at the watercooler, but it'd be interesting to hear from someone who's been there.

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    1. Re:I always thought... by rpdillon · · Score: 5, Informative

      You are correct...there is NIPRNET (public internet) and SIPRNET (an entirely separate, secret and very large network for military). The problem is that sometimes presentation computers are NIPRNET, and sometimes you have to give secret briefs. Or sometimes someone doesn't have SIPRNET set up correctly (it's an involved process), so some idiot copies secret files to a floppy. As I said above in my email: SIPRNET computers shouldn't have floppies or zip. No removable media. Oh, and while you're at it, can we ditch all the MS contracts too, and move to something secure?
      This is the case all over, and I got tired of it when I was in the military...the security is not where it should be and no one cares.

  6. Place your bets now! by koganuts · · Score: 4, Interesting

    It'll be interesting to see how long it'll take before the operator of that weblog is arrested, even though he's trying to prove a point.

  7. But the REAL question is, by whoever57 · · Score: 5, Funny

    ... where are the other "raunchy" photos?

    --
    The real "Libtards" are the Libertarians!
  8. Absurd by cephyn · · Score: 5, Insightful

    First off, if classified info got to a P2P network, then there was a security breach BEFORE it got there. The p2p network is not the problem.

    Second, if the info isn't classified, why shouldn't it be on p2p? If a jet crashed and there's a picture, and it's not classified info, then there's nothing wrong with it being public information, because it IS public information.

    --
    Moo.
    1. Re:Absurd by FerretFrottage · · Score: 5, Insightful

      If a jet crashed and there's a picture, and it's not classified info, then there's nothing wrong with it being public information, because it IS public information.

      Not with the current administration....remember the casket picture incident? They [the pictures] were not classified, but you better not show them to the people.

      --
      "Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
  9. Read before you throw a fit by cyberlotnet · · Score: 4, Informative

    Did you read http://www.seewhatyoushare.com/2004/07/why-this-site-exists.html

    He made valid and physical attempts to inform the proper people about the issues and he saw no response, no action, he was basically ignored.

    Well I bet they are taking notice now.. I would like to see every single person he talked to in the military that did Nothing up on military charges and kicked out of the military with nothing.

    No, better yet, a true example should be set and they should end up in prison for threatening the security of our nation.

  10. Surprising by Quila · · Score: 4, Interesting

    In the extremely large military network I worked on, all P2P ports were blocked (the rule was deny all, allow by exception) and the IDS was tweaked to catch anyone who fiddled with the ports to get around that. The security guys were not nice to people they caught.

    I guess some areas of the military just aren't set up that well.

  11. Nothing to see here, move along by 2Wrongs · · Score: 5, Informative

    Finally a slashdot article I can comment on knowledgeably.

    I'm an officer in the US Army and on a casual glance through the file list there's nothing on there that's classified. You can look up most of these manuals on google.

    Here's a site that lists a couple: US Army Fields Manuals Not hugely helpful unless you have training and equipment, but I guess if I were a (bored) terrorist, I'd read em.

    1. Re:Nothing to see here, move along by Mz6 · · Score: 4, Insightful

      As I've stated previously on here...

      I'm sorry to say but it's NOT public knowledge to list what classification level service members have. This guy posted a document with several service members' names AND classification levels. Not only this it lists the base they are stationed at and their names and ranks. He was nice enough to blur out their SSN though...

      --
      Hmmm.
  12. Re:I got bored just after Kazaa came out. by topynate · · Score: 4, Funny

    I read people's mail, and after msn messenger 6, their chat logs.

    Dumb people are really boring.

  13. Not the same thing. by DAldredge · · Score: 4, Insightful

    Sharing files on a p2p network is just that, sharing files. It's not like forgetting to lock your door, it's like having a flashing neon sign that says 'come in' and then getting upset when people do.

  14. Give that man a cigar by Atario · · Score: 4, Interesting

    You hit the nail on the head. The same principles apply to soldiers gabbing about classified stuff F2F, never mind P2P.

    Oh, and I submitted this with a funnier headli...er, wait, this isn't Fark, is it.

    Well, I did submit it, with a link to a ZDNet article about it, in which they give a little more detail about what happened with the blogger's attempts to get the authorities involved:

    In an interview from Germany, where he lives with his wife, a U.S. Army officer, Wallace said he had contacted local military intelligence about the issue. They forwarded the information to a higher level, but there was little further response until he contacted the office of Sen. Conrad Burns, who represents Wallace's home state of Montana, Wallace said.
    ...
    Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella.

    Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that? Am I going to get an insistent knock on my door for even questioning this?

    Tell my wife I love her! AIEEEE!!!
    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  15. Re:I got bored just after Kazaa came out. by Com2Kid · · Score: 4, Insightful

    I prefer looking up people's resume and sending them a message,

    "So, how's the weather in [insert locale here] "

  16. What's really funny is... by raytracer · · Score: 5, Insightful

    What I find really funny is just what a threat a paranoid public is to liberty and freedom of all Americans.

    I'm frankly somewhat comforted by the fact that we have pictures coming out of Iraq that have not been filtered through the military censors and government spin doctors. I think it's good that we find out about Abu Ghraib. There is a fine line between keeping information secret to promote security and keeping information secret to deny culpability.

    You can't put the genie back in the bottle: people want digital cameras, internets and camera phones. People will take pictures of things and share them with others. For the most part, I think more is gained than more is lost. The worst thing that can happen is for people to lose sight of what their government and military are doing. Are some images disturbing? Yes. Do they force us to uncomfortable conclusions about our government? Probably. But what is the alternative: to go on as if such things simply didn't happen? I hope we are braver than that.

  17. Real Information: MOD UP by jdun · · Score: 5, Informative

    The guy is stupid. Not only does he not know anything about the US military or what the regular GIs do with their spare time. I do not know if those lists are real or fake but the image is nothing to worry about. Most enlisted don't know jack about what the higher echelon is doing until the final phase. Case in point: My friend got a notice to ship out. He had a one-day notice. No one on the ship except the Captain and his XO knew in advance what was going on. My friend doesn't even know when he will come back. It wasn't a special mission or anything. In fact when he got back home, he told us that they just ran around in circles for ten days doing nothing. This is just a small example of how the military works. The US military doesn't think like regular civilians.

    On the pictures issue, if you go to any gun or military website forum, you will see a lot of pictures that were taken by GIs all over the world, from combat to RR. There are in fact millions of pictures floating around websites that show those kinds of pictures. You don't need P2P to find out. GIs have their own websites, units have their websites, and God knows how many other military-related websites on the web that show those kinds of pictures.

    Here is a unit with their website and images. Some of the pictures are from Iraq. I found some of them enjoyable.
    http://www.strykernews.com/gallery/outlaws?page=1