Obama Helicopter Security Breached By File Sharing
Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"
That's not even the real issue. They should be asking what a contractor is doing putting classified information on his "walking around" laptop. When I was in military intelligence, we had machines with classified information, but they were either dedicated hardened devices (for in the field) or they were fairly standard windows machines kept inside some sort of secure perimeter. The P2P aspect of this is really irrelevant, other than it gives both the "dastardly towelheads of Eastasia*" and the DoD an easy way to spot the information in the wild. This contractor likely already broke the rules enough to lose his job by having the files there in the first place.
* we've always been at war with Eastasia, right?
If a job's not worth doing, it's not worth doing right.
You know, I'm usually one to go with Hanlon's Razor (never attribute to malice what can adequately be explained by stupidity), but with the VH-71 Marine One replacement program getting the stinkeye for its ridiculous cost overruns, for once the conspiracy thing has me suspicious. It's likely that the plans being on P2P is entirely a coincidence, and the publicity of the incident is the conspiracy, but I can see it happening. The question now is, which Marine One plans are they? Are they the plans for the helicopters currently in service, and the conspiracy is trying to save the VH-71 program, or were they the VH-71 plans and the conspiracy is trying to kill the VH-71 program?
Really though, it's probably just unrelated coincidence. Most things like this are completely unplanned. Conspiracies require competence, and you just don't find that in government much.
If a job's not worth doing, it's not worth doing right.
I don't know how long ago you were in military intelligence, but these days people leave their agency and then come back on Monday as a contractor with Booz Allen Hamilton or SAIC. If you haven't already, read Spies for Hire by Tim Shorrock.
When the axe came to the forest, the trees said, "Look out - the handle was once one of us."
1b. the idiot admin that had not removed user ability to install random software on a work computer...
AKA #3 above.
Windows is not difficult to secure for appropriately trained IT staff. The Department of Defense releases papers that walk people through creating extremely secure Windows environments, arguably more secure than many out-of-the-box Linux distros.
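One concrete way to do the lock-down the two comments above are talking about (stopping standard users from running software they installed themselves, such as a P2P client dropped into their own profile) is an AppLocker allow-list. The script below is an added example, not code from the original thread or from any DoD guide: it inventories the binaries already installed in admin-managed directories, generates allow rules from them, puts the policy in audit mode, tests a hypothetical user-installed executable against it, and applies it locally. All paths, the `C:\Temp` output location and the `p2pclient.exe` file are assumptions for illustration; run it as an administrator on an edition of Windows that supports AppLocker enforcement.

```powershell
# Added example (not from the original thread): AppLocker allow-list so that
# standard users cannot run executables outside admin-managed locations.
# Every path below is an assumption for illustration.

$policyPath = 'C:\Temp\AppLocker-allowlist.xml'   # assumed output location

# 1. Inventory the executables and scripts already installed in the managed
#    directories. These become the allow-list; anything else is denied by
#    default once the Exe and Script collections are enforced.
$managedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $managedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script
}

# 2. Turn the inventory into rules: publisher rules where a file is signed,
#    hash rules where it is not. -Optimize merges rules that share a publisher.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. The generated rule collections are not yet enforced (assumption: they
#    carry EnforcementMode="NotConfigured"; check the XML). Switch them to
#    AuditOnly first so the AppLocker event log shows what would be blocked
#    before anything is actually denied.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# 4. Check what the policy does to a file a user put outside the managed
#    directories (hypothetical path; the file must exist so it can be hashed).
#    Expected PolicyDecision for an unknown binary: DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path 'C:\Users\alice\AppData\Local\P2PClient\p2pclient.exe' -User Everyone

# 5. Apply the policy locally once the audit results look right. AppLocker
#    only enforces while the Application Identity service is running, and on
#    recent Windows builds its startup type has to be set with sc.exe.
sc.exe config AppIDSvc start= auto
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Once the audit log is clean, change `AuditOnly` to `Enabled` in the XML and re-apply. Note that this only controls what runs; it does not stop a user from copying a classified document onto the machine in the first place, which is the other comment's point.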
It's a custom helicopter (just like Air Force One is a custom plane). You could, for example, get some sort of unique radar response from the plane, telling you the location of the helicopter, or worse, giving you something to program a Sidewinder with.
Same goes for Air Force One. If you had the specs of its IFF transceiver you could wait until it's crossing the Atlantic, then launch a rocket towards it which they have no chance to evade.
Basically it would reduce the problem of killing the president of the USA from successfully attacking a wide range of security forces, just to make sure you cover all angles, to the problem of making one tiny pinpoint strike. With the blueprints or a location indicator you could execute a pinpoint strike that would involve almost no risk for the perpetrators and would sure as hell kill the president.
Having worked on classified projects, I really have to question the story's veracity. Computers with highly classified data are NOT connected to the internet.
My experience was 15 years ago, but I find it hard to believe it would change that much. I remember having to certify that a brand new blank tape didn't have classified data on it, so I could take it out of the building to an unsecured area to get a file emailed from an unclassified contractor.
Hell, we couldn't even bring in a CD player if we ever wanted to take it back out again.
Except that Windows has such a cult following that it's likely the authorities will turn a blind eye to the incident. Take the case where Windows somehow got onto base computers in Afghanistan [usnews.com] and were subsequently owned by malware letting still more outsiders into the network. No one's been prosecuted publicly despite there certainly being a paper trail leading to the culprits.
You apparently have no clue how DOD classified networks such as SIPRnet or JWICS work. Anything classified has no connection to the unclassified internet. The SIPRnet and JWICS systems pass through a KG-175, which in turn encrypts the traffic, to go through the normal network. If, for example, a Windows SIPRnet or JWICS system gets compromised with spyware, the only ones who could touch these systems are people on the SIPRnet or JWICS. Just because the machine is compromised doesn't make the computer decide to send unencrypted data or open holes in the network, since any traffic leaving the network has to go through the KG-175. Now if some idiot user decides to connect a classified system to the network, that's a much bigger issue that they call data spillage.
Any computer not classified is essentially on the NIPRnet (or unclassified network), for example, but the only data that is allowed on it is up to sensitive information such as SSNs, random forms, and TPS reports. Even flight schedules are not supposed to be on NIPRnet.