Slashdot Mirror

← Back to Stories (view on slashdot.org)

P2P Network Exposes Obama's Safehouse Location

Posted by timothy on from the this-is-an-unsecured-channel-please-acknowledge dept.

Lucas123 writes "The location of the safe house used in times of emergency for the First Family was leaked on a LimeWire file-sharing network recently, a fact revealed today to members of the House Oversight and Government Reform Committee. Along with the safe house location, the LimeWire networks also disclosed presidential motorcade routes, as well as sensitive but unclassified document that listed details on every nuclear facility in the country. Now lawmakers are considering a bill to ban P2P use on government, contractor networks."

26 of 307 comments (clear)

  1. Wow by GofG · · Score: 5, Insightful

    If it had been leaked by uploading it to a server, would they ban the ftp protocol?

    --
    GFA/M/S d-- s: a--- C++++ UBL++$ P+ L+++ !E- W++ N+ !o K- w--- !O !M !V PS++ PE Y+ PGP+ t+++ 5- X+ R tv@ b++ DI++++ D+ G
    1. Re:Wow by interkin3tic · · Score: 2, Insightful

      Suprise: lawmakers are once again clueless when it comes to technical issues that have been around for less than 100 years.

      The real question is who is advising them so poorly?

  2. ban the man by OrangeTide · · Score: 4, Insightful

    We must ban everything that we don't understand until we can feel safe again.

    --
    “Common sense is not so common.” — Voltaire
    1. Re:ban the man by dirtyhippie · · Score: 5, Insightful

      Congress's reaction is predictable and hilarious, but to be fair, they are only talking about banning P2P use on government computers. I don't have a problem with that. If you are working on government contracts, you should probably have a seperate computer from where you keep your music, porn, etc.

    2. Re:ban the man by Anonymous Coward · · Score: 2, Insightful
      I agree 100%. I don't bring my laptop where I keep my pr0n, music and run my P2P apps, this should be common sense for anyone and this should be twice as apparent for someone working for the gov't.

      If I was allowed to have mod points I would have modded you up.

    3. Re:ban the man by sbeckstead · · Score: 3, Insightful

      He can go to a computer on the proper network and download it just like the military has to do now. There are darn few uses for P2P that can't be handled better by something else.

      --
      Why bother
    4. Re:ban the man by hairyfeet · · Score: 5, Insightful

      Exactly. As long as this doesn't turn into a "P2P is bad, we must ban it from the internet tubes" kind of deal I have NO problem with the government madating what can and can't be on your work machine if they are paying your check. This is just common sense, just as no admin with a brain would allow someone to run Kazaa or Limewire on the corporate Intranet. But placing rules (along with penalties) for using an unauthorized application when dealing with high level clearance materials just seems like basic security.

      They probably are simply dealing with laws written before the Internet and therefor have no rules against it. And with the government rules and procedures are king.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:ban the man by Beardo+the+Bearded · · Score: 5, Insightful

      I work with military ... stuff. When we have a classified or higher document, it doesn't go on our normal computers, like the one I'm using now. It goes on The Secret Computer, which is in its own room, on no networks, and it requires a key, a passcard, and supervision. Things like USB are locked out. It's a secure station. You can't hack it because there's no access to the device. Social Engineering won't work that well because you've got to be vetted every 5 years to maintain your access. Plus, we're all psychologically tested, have credit checks, and are generally very well looked after.

      That is for that rare slice of documentation that is classified and is allowed on a computer. It's a nightmare to get a copy of a classified document -- do you think they would allow you to just hit "print" and get a second (or hundredth) copy? These files are very often (and yes, it's 2009) paper only, sent via special channels. You don't just email Secret documents off to whomever has a .mil email address. Generic workstation + classified document = security violation = jail.

      Now, the WHOLE ARTICLE IS BULLSHIT

      IT IS A PRESS RELEASE BY A COMPANY THAT STANDS TO MAKE MONEY FROM A MONITORING CONTRACT

      Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup. You can't say "oh noes nukelar secrets on lemonwire! give us teh monitoring contract!" What are the details, mailing addresses?

      (Note for the pedantic: I'm using "Classified" as an umbrella term for anything that requires a security clearance because I didn't feel like typing out the various levels of document classification over and over again.)

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    6. Re:ban the man by Bovius · · Score: 5, Insightful

      People that take action based on this allegation alone are afraid.

      Fixed that for you. The USA's policies these days are driven primary by blind, largely irrational fear. Although I suppose that could be transliterated into stupidity.

      The sad truth is that we have plenty of incompetent people to perform these kinds of blunders without the need for shadow organizations to orchestrate them. Anyone in the government with a will to exact more control over the public has their arms more than full of these kinds of stories.

    7. Re:ban the man by shaitand · · Score: 2, Insightful

      Well there is some distinction here... government contractors are not government employees. Just because the city contracts me to redesign their sewers doesn't mean they dictate what will be run on my office machines unless they are going to supply machines exclusively for that use.

    8. Re:ban the man by pixelpusher220 · · Score: 2, Insightful

      Personal information is not 'classified', but it is 'sensitive'; so yes it can be the case where data is sensitive but not classified.

      You're right on about the press release thing though...my thoughts exactly. When I read "and previously reported the Presidential Helo plans were found online" and other similar things. Maybe we want to look at this company that just *happens* to keep finding things online that help it out business wise. (yes I know the helo plans were traced specifically but just saying the idea isn't terribly far fetched).

      And the other thing about the article "it's not easy to prevent users from installing P2P software". Oh really? last time I checked even 'XP Home' prevented you from installing stuff without an admin password. If users are installing their own programs...you've already got serious problems.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    9. Re:ban the man by tchuladdiass · · Score: 3, Insightful

      But they can mandate appropriate data protection procedures for anything that you work on for them. Usually they will point to a standardized security policy and say that you have to pass an audit that meets that policy.

    10. Re:ban the man by OrangeTide · · Score: 3, Insightful

      Key word is "contracts". If I contract you, I can make all sorts of crazy demands. This happens all the time in the Real World(tm). And can include preventing you from discussing things with third parties. Or requiring certain specific standards including what software you use to design the sewers. As long as there are consideration, there is a pretty wide range of things that are binding in a contract. Of course crazy demands generally reduce the quality of the contract or increase the amount of money necessary to find a taker.

      And while generally legal, being overly specific about terms that don't matter is a great way for a bureaucracy to waste money and a tremendous amount of time.

      --
      “Common sense is not so common.” — Voltaire
    11. Re:ban the man by Dragonslicer · · Score: 2, Insightful

      Wait, there's a file-sharing "industry" now?

    12. Re:ban the man by Leebert · · Score: 2, Insightful

      I have NO problem with the government madating what can and can't be on your work machine if they are paying your check. This is just common sense, just as no admin with a brain would allow someone to run Kazaa or Limewire on the corporate Intranet.

      I work at a government site. Said government site has extended such bans to BitTorrent, Skype, etc. Which are technically peer to peer. But have perfectly legitimate uses.

      Existing security controls should already note the lack of business necessity of things like Kazaa or Limewire. No need for additional regulations, which are always poorly written and blanket mis-interpreted (or worse, ignored due to infeasability).

    13. Re:ban the man by Bakkster · · Score: 2, Insightful

      Then ban it on any machine with sensitive information. Any machine that needs to push P2P information just can't have sensitive information. QED.

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
  3. Not this again... by mlts · · Score: 3, Insightful

    Its not P2P in itself that is wrong. It is the use. The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.

    1. Re:Not this again... by gnick · · Score: 4, Insightful

      Still, unless there's some strange and compelling business need, no big business should be allowing employees to run Limewire at work IMO. Especially on government machines with sensitive information. Some P2P may be useful for business purposes. But Limewire?

      --
      He's getting rather old, but he's a good mouse.
    2. Re:Not this again... by MozeeToby · · Score: 4, Insightful

      The issue isn't the P2P per say, it's the fact that many P2P programs make it easy to accidentally mark files for uploading that you don't mean to. A lazy/stupid/uninformed user stands a decent chance of sharing information without even realizing it, I remember trying to explain that to someone in my family way back when Napster was big, that they were sharing all of their documents out over the network because that is where they happened to store their downloaded files and they had marked the folder as one to share, not realizing that it would share files other than those they had downloaded.

      Any program that can upload user documents without the user having knowledge of it shouldn't be used on any kind of sensitive system. In my mind, bit torrent is relatively safe from this, since it requires the user to create a torrent and make it available, not the kind of thing that is going to happen accidentally.

  4. its already banned on all government networks? by Anonymous Coward · · Score: 2, Insightful

    whatever network administrator lets limewire traffic outside of the firewall needs tossed

  5. Encryption? by sexybomber · · Score: 4, Insightful

    If the leaked data was so sensitive, shouldn't it have been encrypted, or at the very, very least, password-protected? That seems like a no-brainer.

  6. Before everyone jumps to the defense of P2P... by jpstanle · · Score: 2, Insightful
    What business do P2P file sharing apps have one government and contractor computers? While I'm sure many will rightfully point out the security through obscurity is rarely effective, and this information could have been leaked through any number of less sexy protocols like FTP, P2P file sharing has no business on government and contractor networks (BTW, when I say contractor networks, I'm referring to those that may contain sensitive or classified information). P2P apps are certainly the most common and available means of inadvertently turning a client node into a wide-open file server.

    These are not commercial ISPs or home PCs we're talking about here. These are tax-payer financed networks. What business do these users have using tax-payer owned resources for downloading music/movies/etc. whether they are copyrighted or not? If you're not going to control the software installed on these workstations, at the very least the network traffic rules should not allow for this kind of outgoing traffic on client nodes.

  7. LimeWire is to Blame by atomic_bomberman · · Score: 3, Insightful

    How could LimeWire let this happen? This is just as bad as fork and knife manufacturers who fail to keep fat, dumb people from eating too much.

  8. I one were deliberately trying to discredit P2P... by roc97007 · · Score: 2, Insightful

    ...one couldn't find a better way to do it than this.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  9. Lights, Cameras, Lies by JackSpratts · · Score: 5, Insightful

    they could have fabricated similar testimony 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 year ago (you pick). oh wait, they did. meanwhile harddrives, laptops and usb drives keep wandering away with impunity & multi gigabytes of really sensitive data. god forbid you encrypt. much easier blame p2p on the house floor in front of the bright lights of the very media cartels who create this artificial drama.

  10. baby and bath water by zogger · · Score: 5, Insightful

    Some leaks are good though, and necessary for maintenance of a free Republic. They are last ditch efforts by someone who is aware of "clear and present danger" when all else has failed to affect honesty and following the law in whatever bailiwick this person is working in, and usually the leakers are anything but traitors, they can be overwhelming patriots helping to expose the real bad guys and bad stuff. They can help expose government lies and corruption, when the official channels (all the way to *the very top*) are themselves completely corrupt, making any other effort doomed to failure.

        Here's a prime example. This leak was a *really big deal* for my boomer generation and certainly did some good, long range/historically speaking.