Obama Helicopter Security Breached By File Sharing
Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"
Is it just me, or does this whole thing seem a bit too topical? I can see this meeting taking place at the Tiversa head office.
CEO - "We need to drum up business! What's a good angle to increase our visibility?"
Marketing Droid One - "Evil powers are undermining our National Security© is tried and true, Sir."
Marketing Droid Two - "It's consistently scored highly in all of our focus groups."
CEO - "That was with the last administration! We need an angle for today, people!" (makes slicing hand gesture)
Up and Coming Sycophant - "I know! The helicopter! We can say that someone stole the plans to the President's helicopter!"
CEO - "That might just work. Tie that in to the usual National Security line and send out a press release!"
In the land of the blind, the one-eyed man is usually crucified.
Nope. Everyone is assuming this is a torrent because it is the most popular form of file sharing. Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.
Many confidential files have been leaked this way. http://www.eweek.com/c/a/Security/Citigroup-Customer-Data-Leaked-on-LimeWire/
There used to even be guides to tell you what were common digital camera prefixes so you could do a search for CIM*.jpg or DSC*.jpg and browse people's private folders.
If you were a company or nation involved in espionage, getting on a p2p network and searching for files with obvious names would be a good place to start.
http://bizsecurity.about.com/b/2008/07/08/limewire-and-working-at-home.htm
It isn't just limewire of course, that's just the first one I could remember from years ago. There's also eMule and many others.
In addition to firing the person responsible, the entire IT staff should be reviewed if not fired. My guess though is that this is some CEO who specifically told IT that he was exempt from the security rules. C*Os are the biggest security risk because they tell people that the security rules don't apply to them. Remember that CDW(?) commercial about the boss who infects an entire office because he lets his kid use the company network?
There are a few sensitive files in my home directory, such as my private key in ~/.ssh and a few configuration files that contain passwords in clear text. I really don't want these files to be shared inadvertently, yet they are currently treated as ordinary files by SELinux on my Fedora 10 system, so any process running under my account can access these files. Of course I can still relabel the files and change my SELinux policy, but this is beyond the ability of most people. It is a shame that SELinux, with its huge potential, is so hard to use that it still provides very little security for an ordinary user.
None of these ideas are foolproof; someone dumb enough would eventually screw up anyway. But that is not the point. The point is that there are simple engineering steps that can be taken to reduce the amount of inadvertently shared data.
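The two comments above (a P2P client that shares a whole documents folder by default, and credential files sitting in a home directory with no special protection) suggest a simple pre-share check. The audit script below is an added example, not code from the thread or from any P2P client: it walks a directory a client is about to publish and flags files that look like private keys, contain a cleartext password line, or live under a credential directory such as ~/.ssh. The directory tree it builds is constructed sample data; the heuristics and names are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristics for data that should never land in a shared folder (assumed, not exhaustive).
PRIVATE_KEY_HEADER = re.compile(rb"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")
CLEARTEXT_SECRET = re.compile(rb"(?im)^\s*(?:password|passwd|pwd|secret)\s*[=:]\s*\S+")
SENSITIVE_DIRS = {".ssh", ".gnupg", ".aws"}
MAX_READ = 64 * 1024  # only sniff the head of each file

def classify(path: Path) -> list:
    """Return the reasons one file looks sensitive (empty list if none)."""
    reasons = []
    if SENSITIVE_DIRS & set(path.parts):
        reasons.append("inside credential directory")
    try:
        head = path.read_bytes()[:MAX_READ]
    except OSError:
        return reasons
    if PRIVATE_KEY_HEADER.search(head):
        reasons.append("private key material")
    if CLEARTEXT_SECRET.search(head):
        reasons.append("cleartext password/secret")
    return reasons

def audit_share_root(root: str) -> dict:
    """Walk the tree a P2P client would publish; map each risky file (relative path) to its reasons."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath, name)
            reasons = classify(p)
            if reasons:
                findings[os.path.relpath(p, root)] = reasons
    return findings

def demo() -> dict:
    """Build a constructed home-like tree (fake key, fake password) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / ".ssh").mkdir()
        (root / ".ssh" / "id_rsa").write_bytes(
            b"-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n-----END OPENSSH PRIVATE KEY-----\n")
        (root / "Documents").mkdir()
        (root / "Documents" / "mail.conf").write_text("host = mail.example.test\npassword = hunter2\n")
        (root / "Documents" / "notes.txt").write_text("grocery list\n")
        (root / "Music").mkdir()
        (root / "Music" / "song.mp3").write_bytes(b"ID3\x03\x00")
        return audit_share_root(str(root))

if __name__ == "__main__":
    for f, why in sorted(demo().items()):
        print(f"{f}: {', '.join(why)}")
```

Point `audit_share_root` at the folder a client is configured to share (or at your home directory if the client shares everything) and treat any hit as a reason to move the file or narrow the share.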
Funny how this should happen so recently after Obama and McCain publicly agreed that the plan to replace the aging Marine One fleet should be cancelled...
http://www.nytimes.com/2009/02/24/us/politics/24chopper.html
Actually, it's even harder to get a file off a classified network than that. At least where I work, any CD or DVD burned off a classified network is automatically classified at the same level as the network it came from. If you want to move a file to an unclassified network from a classified one, that process is known as a downgrade and requires the entire file to be inspected as PLAIN TEXT. What about .doc or .ppt files, you ask? It can't be done - there's no approved process for it. Actually, that's not 100% true - you (meaning someone with proper permissions) can print the file in its entirety, read it over, and scan it onto an unclassified network using an optical scanner.
Jealously hoarding mod points since 2007.
>>>why are the idiots storing their sensitive information in a WINDOWS MACHINE!?
Uh, most defense contractors use Windows machines connected to a Windows network. I could go into work right now and by sorting through the publicly-shared Q: drive, find all kinds of schematics and information. Probably most of it I'm not supposed to know, and yet it's there for every engineer/technician to read.
Then if I did something stupid, like load Kazaa and point it to the Q: drive, boom, instant sharing with the whole world.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I have never known a p2p app to run as "nobody" on Linux. I'm quite the Linux advocate, but this is just plain misleading. It is possible to deliberately set up a separate account to run your p2p apps, but none of the major distros do this for you automatically.
On the other hand, it should be fairly trivial to configure some default selinux or apparmor policies that restrict things like p2p apps and prevent them from accessing your documents without explicit permission. Again, though, I don't know of any distro that does this.
What are the chances this P2P source was installed by malware? Is there anything active in the wild that does that?
Shortly after 9/11 one of the principal architectural firms working on the Pentagon renovation posted all of their CAD drawings on a publicly available ftp server. I was working for a subcontractor at the time. When I contacted them to ask "WTF are you doing? Why not just post an ad in the Washington Post offering to give away all this information?" I was told by the system admin that it wasn't a problem because they hid the files on the ftp server using "an obscure folder name that nobody will be able to figure out". In other words, they posted the Pentagon's infrastructure in a folder called "/erwtn0tun-29358yt29832hncnf2h2ui2h 3fh3nc/" on their public ftp server because nobody would be able to find it in the open!!! Except I did. When I mentioned it to other people the response was "well, you can't bite the hand that feeds you" and all that rot. Of course, the ftp server was running on MS IIS and their web server was misconfigured at the same time so you could see everything ELSE on the server... Government & security (to me) are laughable.
You forgot the third conspiracy alternative: They aren't the plans of either Marine One at all.
Arguably, anyone able to make use of them would probably be able to tell if they were bullshit unless the faking is really well made.
"They" can scratch and scrape for information all they want. Doesn't matter in the end; the US can still obliterate any adversary.