(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 2nd, 2009

P2P Leak Exposes Sensitive Data On Marine One

leave a comment »

Blueprints of president’s helicopter exposed via open P2P connection in Iran

By Tim Wilson,  DarkReading
March 2, 2009

The full blueprints and avionics information for Marine One — President Obama’s personal helicopter — have leaked out on the Web via a peer-to-peer file-sharing vulnerability, according to a local news report.

According to a news report on Pennsylvania’s WPXI, employees at Tiversa, a company whose technology monitors P2P networks and potential security vulnerabilities, found engineering and communications information about Marine One at an IP address in Tehran, Iran.

“We found a file containing entire blueprints and avionics package for Marine One,” said Bob Boback, CEO of Tiversa. The company traced the file back to its original source.

“What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,” Boback said. Tiversa also found sensitive financial information about the cost of the helicopter on that same computer.

Boback said someone from the company most likely downloaded a file-sharing program, typically used to exchange music, not realizing the potential problems. “When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive,” he observed.

“We found where this information came from,” added Retired Gen. Wesley Clark, an adviser to Tiversa, in the report. “We know exactly what computer it came from. I’m sure that person is embarrassed and may even lose their job, but we know where it came from, and we know where it went.”

Right! Well, nothing like a little leak of the new Marine One avionics to get the basic fact that Infosec in the US is woefully inadiquate! Of course it is rather interesting that the leak leads directly to Iran. So, lets put on the “conspiracy” cap and ponder this… Iran just happens to have someone trauling the internets P2P (Limewire) and grabs the avionics package to Marine One?

That kinda pegs the needle a bit huh?

Of course they say they know who did it and imply through a lack of care in the tone, that it was a mistake. What a friggin mistake huh? I am sure if indeed it was a mistake then this person should be fired. Now, what really bugs me is where were the policies and procedures denying this type of software and sharing of data? Where was the enforcement here to stop such a thing from happening? The story implies that this was a contractor who leaked it. So much for security SLA’s huh?.

Written by Krypt3ia

2009/03/02 at 22:18