
Obama Helicopter Security Breached By File Sharing

Soulskill posted more than 5 years ago | from the we're-getting-lazy-without-a-cold-war dept.

The Military 408

Hugh Pickens writes "A company that monitors peer-to-peer file-sharing networks has discovered a potentially serious security breach involving President Barack Obama's helicopter. 'We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter,' says Bob Boback, CEO of Tiversa, a security company that specializes in peer-to-peer technology. Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source. 'What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One,' says Boback, adding that someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.' Iran is not the only country that appears to be accessing this type of information through file-sharing programs. 'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'"


408 comments


Well... (5, Funny)

Anonymous Coward | more than 5 years ago | (#27029441)

So where's the torrent?

Re:OH ..Well... (0)

Tuna_Shooter (591794) | more than 5 years ago | (#27029871)

Who Cares ????...... i don't...

Re:Well... (0)

Anonymous Coward | more than 5 years ago | (#27030061)

So that black helicopter thing is true after all!

Cue the Hysteria... (3, Insightful)

TaoPhoenix (980487) | more than 5 years ago | (#27029453)

Gee. That's a nice balanced summary, ahead of the histrionic response of "OMG file sharers are breaching national security!"

Re:Cue the Hysteria... (2, Insightful)

nametaken (610866) | more than 5 years ago | (#27029725)

My question is more like, who the hell is still using that sort of old-and-busted P2P software (bearshare, kazaa, etc) that does autosharing of folder contents like that? And really, someone with blueprints and such for Marine One?

Someone tell that guy/gal it's 2009.

Re:Cue the Hysteria... (-1, Troll)

Spy der Mann (805235) | more than 5 years ago | (#27029747)

Worse - why are the idiots storing their sensitive information in a WINDOWS MACHINE!? They might not have kazaa installed, but what about spyware? After all, the "spy" in spyware is there for a reason!

Re:Cue the Hysteria... (3, Insightful)

YrWrstNtmr (564987) | more than 5 years ago | (#27029921)

The OS doesn't matter (much). The real problems are:

1. the idiot who thought it was OK to install a file sharing program on a work computer
2. the idiot who installed said program, AND had the folder/directory containing the sensitive files shared out.
3. the idiot admins who allowed him to install said program
4. the idiot admins who allowed that traffic over the network
5. the idiot admins who allowed those ports open
6. people who think that 'anything but Windows' is automatically secure.

On any other OS, this idiot would have done exactly the same thing, simply because he is an idiot.

Re:Cue the Hysteria... (5, Informative)

Dun Malg (230075) | more than 5 years ago | (#27029965)

That's not even the real issue. They should be asking what a contractor is doing putting classified information on his "walking around" laptop. When I was in military intelligence, we had machines with classified information, but they were either dedicated hardened devices (for in the field) or they were fairly standard windows machines kept inside some sort of secure perimeter. The P2P aspect of this is really irrelevant, other than it gives both the "dastardly towelheads of Eastasia*" and the DoD an easy way to spot the information in the wild. This contractor likely already broke the rules enough to lose his job by having the files there in the first place.

* we've always been at war with Eastasia, right?

Re:Cue the Hysteria... (1)

eean (177028) | more than 5 years ago | (#27029841)

Yeah, these people should be more than just fired in my opinion. Ignorance is no excuse for breaking any law, I don't see why breaching national security is any different. Scooter Libby didn't have to serve any jail time, but hopefully the new president takes things more seriously.

Re:Cue the Hysteria... (2, Insightful)

peektwice (726616) | more than 5 years ago | (#27029741)

Yes, this is absolutely a lobbying ploy. How the hell do they know "exactly which computer the information came from" unless they had direct access to the defense contractor's computers? TFA doesn't say whether or not they had legitimate access to them. As a card-carrying conspiracy theorist, I know that there was no security breach and the Iranians don't have the blueprints for Marine One. This is all a sham to:
a.) Pass legislation against P2P software.
b.) Get more funding for Tiversa's "security research".
c.) Return Wesley Clark to relevance.
d.) ???
e.) Profit

sorry... couldn't resist the last part.

Re:Cue the Hysteria... (4, Insightful)

phorest (877315) | more than 5 years ago | (#27030031)

There's even more profit in REPLACING the now 'breached' current presidential helicopter fleet over these blueprints.
Don't even think that this has primary IT implications.
This is more about giving the politicians cover to continue the cost overruns.

Lockheed-Martin signed a contract four years ago to build 28 new helicopters for $6.1 billion. Numerous Pentagon-mandated changes have ballooned the price tag to $11.2 billion - meaning each of the new choppers would cost $400 million, or as much as Air Force One.

Marine One Upgrade Plan Stirs Debate [kdka.com]

A helicopter (one) that costs as much as (one) Boeing 747!

Wow...

Re:Cue the Hysteria... (4, Insightful)

nine-times (778537) | more than 5 years ago | (#27029763)

I don't think there's anything unfair about the summary. P2P applications are a security risk, and I know I don't allow my users to install them on their work computers.

Let me put it this way: Any time you're setting a computer up to be a server on the Internet, it's always a security risk. There are risks associated with bugs and things like that, but also (and perhaps more importantly) there are risks associated with misconfiguration. This is very relevant for P2P applications, which might come configured by default to share files that you don't want to share.

So yes, if people with high security clearances are installing Kazaa on their work computers and sharing out all their documents, then "OMG file sharers are breaching national security!"

Re:Cue the Hysteria... (1)

thesaurus (1220706) | more than 5 years ago | (#27029897)

Mod this parent up. The summary is right on. It drives me nuts how Slashdot can't break out of its "get yer goverment hands off my computerz!" mindset for even unrelated stories. This isn't a story about the RIAA suing grandmothers. This is about stupid users, poor security policies, and badly configured software coming together to pose a national security threat (and even a threat to an individual) which is certainly newsworthy.

It's official... (5, Funny)

denzacar (181829) | more than 5 years ago | (#27029455)

Tiversa was able to track the file, discovered at an IP address in Tehran, Iran, back to its original source.
.
.
'We've noticed it out of Pakistan, Yemen, Qatar and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.'

If you use p2p file sharing software to steal music and TV shows - terrorists win.

Re:It's official... (3, Insightful)

TechForensics (944258) | more than 5 years ago | (#27029499)

Against stupidity the gods themselves contend in vain

True enough, but why then did the gods make stupidity?

It is a serious question why God made stupidity if he himself has to contend with it.

Re:It's official... (1)

cheftw (996831) | more than 5 years ago | (#27029627)

Switching between mono- and polytheism mid-post won't help anyway. One answer is that it was an unintended side-effect, or that he enjoys a challenge, or maybe he's pretty stupid himself. And why did he make contention if he has to do it?!

Re:It's official... (0)

Anonymous Coward | more than 5 years ago | (#27029789)

Against stupidity the gods themselves contend in vain

True enough, but why then did the gods make stupidity?

It is a serious question why God made stupidity if he himself has to contend with it.

So you can read German but don't understand German and as such make yourself serve as an example of the meaning of the idiom, well done! ^_^

It's official-Actions have unintentional consequen (0)

Anonymous Coward | more than 5 years ago | (#27029555)

Repeat after me, "actions have consequences". Sometimes consequences we didn't intend. Could this have happened as easily and unintentionally with any other file-sharing protocol, e.g. FTP, HTTP? For those out there who justified their illegal file-sharing under, "I ain't hurting nobody". This post's dedicated to you.

Re:It's official... (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27029617)

How do terrorists benefit from that?

Re:It's official... (1)

MrMr (219533) | more than 5 years ago | (#27029809)

stop being unscared and get with the program.

well well (1)

Widowwolf (779548) | more than 5 years ago | (#27029459)

Isn't anything sacred anymore!

President gets a new Marine One (1)

bfmorgan (839462) | more than 5 years ago | (#27029463)

This will result in a new Marine One being procured.

Re:President gets a new Marine One (5, Informative)

Dun Malg (230075) | more than 5 years ago | (#27030053)

You know, I'm usually one to go with Hanlon's Razor (never attribute to malice what can adequately be explained by stupidity), but with the VH-71 [wikipedia.org] Marine One replacement program getting the stinkeye [washingtonpost.com] for its ridiculous cost overruns, for once the conspiracy thing has me suspicious. It's likely the plans being on P2P part is entirely coincidence, and the publicity of the incident is the conspiracy, but I can see it happening. The question now is, which Marine One plans are they? Are they the plans for the helicopters currently in service, and the conspiracy is trying to save the VH-71 program, or were they the VH-71 plans and the conspiracy is trying to kill the VH-71 program?

Really though, it's probably just unrelated coincidence. Most things like this are completely unplanned. Conspiracies require competence, and you just don't find that in government much.

Need more info on this "File sharing" app (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27029467)

http://www.youtube.com/watch?v=iQto3HZvkYU

How convenient.. (0)

Anonymous Coward | more than 5 years ago | (#27029469)

they found that one file out of millions and it has links to Iran.

The employee responsible is SO toast. (1)

TechForensics (944258) | more than 5 years ago | (#27029473)

Wow. I wouldn't want to be him / her about now.

Re:The employee responsible is SO toast. (0)

Anonymous Coward | more than 5 years ago | (#27029701)

What about the network admins? I know I'd lose MY job over something like this...

Re:The employee responsible is SO toast. (2, Insightful)

nurb432 (527695) | more than 5 years ago | (#27029749)

employee?? The company should be toast.

Re:The employee responsible is SO toast. (1)

rubycodez (864176) | more than 5 years ago | (#27029775)

specifically, the network engineer that set up their routers and firewalls should be toasted, medium well on a spit

Re:The employee responsible is SO toast. (0)

Anonymous Coward | more than 5 years ago | (#27030029)

What does the network engineer have to do with it? These plans should not be on a networked computer, per company policy. Besides, who buys the bullshit that it happened by accident? It is either Obama's foot in Iran's door, a deliberate leak of false information or plain espionage.

Re:The employee responsible is SO toast. (1)

peektwice (726616) | more than 5 years ago | (#27029759)

Getting framed for political gain sucks.

takes 2 to tango (0)

Anonymous Coward | more than 5 years ago | (#27029475)

doesn't the file have to be prepared for upload

Re:takes 2 to tango (0)

Anonymous Coward | more than 5 years ago | (#27029545)

doesn't the file have to be prepared for upload

Yes, but is it that much of a stretch to think that someone who would install an unapproved program on a computer containing information relating to national security might not know how to configure it correctly? IT departments decide what software is allowed in their organizations for just this sort of reason.

Re:takes 2 to tango (4, Interesting)

jd142 (129673) | more than 5 years ago | (#27029557)

Nope. Everyone is assuming this is a torrent because it is the most popular form of file sharing. Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.

Many confidential files have been leaked this way. http://www.eweek.com/c/a/Security/Citigroup-Customer-Data-Leaked-on-LimeWire/

There used to even be guides to tell you what were common digital camera prefixes so you could do a search for CIM*.jpg or DSC*.jpg and browse people's private folders.

If you were a company or nation involved in espionage, getting on a p2p network and searching for files with obvious names would be a good place to start.

http://bizsecurity.about.com/b/2008/07/08/limewire-and-working-at-home.htm

It isn't just limewire of course, that's just the first one I could remember from years ago. There's also eMule and many others.

In addition to firing the person responsible, the entire IT staff should be reviewed if not fired. My guess though is that this is some CEO who specifically told IT that he was exempt from the security rules. C*Os are the biggest security risk because they tell people that the security rules don't apply to them. Remember that CDW(?) commercial about the boss who infects an entire office because he lets his kid use the company network?

Re:takes 2 to tango (1)

Jurily (900488) | more than 5 years ago | (#27029611)

Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.

'Nuff said.

Shouldn't sensitive data be protected or something? I mean, why does he even have the right to have access to the internet at the same time as the right to install arbitrary applications that can read said data?

Re:takes 2 to tango (5, Insightful)

Rich0 (548339) | more than 5 years ago | (#27029689)

Uh, data like this shouldn't even be on a computer with a physical link to the internet at all. Classified data should stay on classified networks. Period.

I know a guy at a defense contractor. They isolate their networks containing classified data. If they need to remove a file from the room they reimage a desktop with a known safe image, copy the file onto that PC from a CD burned from a classified PC. They then scrub the files with software that does stuff like wipe unallocated space, check for word versions, PDF comments, etc. Then that desktop is used to burn a new CD with just the intended files. Then they securely wipe the desktop. That one CD that was created in this fashion is then allowed to leave the room. Note that this is the gist of how it works - some details may be less than accurate (obviously I'm not privy to the exact procedures, but this is the general level of rigor involved).

Even if somebody installed Kazaa or its like on one of the computers in that room it wouldn't be able to leak data - there are no network connections that are attached to the internet. If somebody needs to check email or browse the web they leave the room (carrying nothing with them) and go to another desk in a regular office area, which has a fairly secure network but something more akin to what you'd find in any decently secured corporate network. Of course, installing kazaa in the first place would be difficult since you're not supposed to carry anything into or out of the classified areas - I don't know if they get searched at the door but you would certainly be fired and potentially prosecuted if you were caught doing it intentionally.

Important datacenters like those found in stock exchanges / etc are similar. The datacenter is secured, network access is very carefully controlled, and to do anything important you need to have physical access to a room with cameras pointed everywhere and every task involves two people at the keyboard at all times.

There is no excuse for these kinds of breaches. Strong security isn't actually hard. It is certainly expensive, and it is certainly inconvenient. However, it really isn't hard - you just need to be methodical.

Re:takes 2 to tango (1)

Raenex (947668) | more than 5 years ago | (#27029735)

There is no excuse for these kinds of breaches. Strong security isn't actually hard. It is certainly expensive, and it is certainly inconvenient. However, it really isn't hard - you just need to be methodical.

Which is what makes it hard. Information is easily spread. People make mistakes. A security mistake won't crash your computer.

Re:takes 2 to tango (1)

ixnaay (662250) | more than 5 years ago | (#27029883)

Even if the material is unclassified, which is very likely considering the coverage so far, there is another set of laws that cover anything related to military specifications: ITAR [wikipedia.org]

The penalties for ITAR related violations can be almost as bad as those for sharing classified materials (which is treason).

Re:takes 2 to tango (3, Interesting)

LatencyKills (1213908) | more than 5 years ago | (#27029935)

Actually, it's even harder to get a file off a classified network than that. At least where I work, any CD or DVD burned off a classified network is automatically classified at the same level as the network it came from. If you want to move a file to an unclassified network from a classified one, that process is known as a downgrade and requires the entire file to be inspected as PLAIN TEXT. What about .doc or .ppt files you ask? It can't be done - there's no approved process for it. Actually, that's not 100% true - you (meaning someone with proper permissions) can print the file in its entirety, read it over, and scan it onto an unclassified network using an optical scanner.

Re:takes 2 to tango (1, Informative)

Anonymous Coward | more than 5 years ago | (#27029943)

What you described is how they handle "Top Secret" and sometimes "Secret" data. "Classified" data security is much more open. Pretty much anyone can have Classified data laying around.

Obligatory (5, Funny)

lixee (863589) | more than 5 years ago | (#27029479)

Torrent link, please?

Re:Obligatory (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27029495)

...

Please turn in your geek-card.

Re:Obligatory (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27029497)

[url:http://www.youtube.com/watch?v=oHg5SJYRHA0]http://www.torrrrrentz.com/13ghrtrudkll/[/url]

Re:Obligatory (1)

LordKaT (619540) | more than 5 years ago | (#27029561)

way to fail

Re:Obligatory (1)

nurb432 (527695) | more than 5 years ago | (#27029861)

freenet

No one is minding the store. (0)

Anonymous Coward | more than 5 years ago | (#27029481)

The buzz was so loud about the "BlackBerry" hole, that they couldn't see the big picture. And a distraction is always a good strategy when planning a robbery.

Ratio builder (1)

castorvx (1424163) | more than 5 years ago | (#27029483)

I smell a ratio builder!

two-edged sword (1)

rlseaman (1420667) | more than 5 years ago | (#27029489)

  1. Presumably this company found out about the damage using the same programs.
  2. Wouldn't the responsible behavior be to inform the FBI or DoD (not also the "bad guys")?
  3. Clearly they are more interested in their business model than national security, otherwise why trumpet this bogus hysteria worldwide?

It can't be that sensitive... (0)

Anonymous Coward | more than 5 years ago | (#27029513)

Otherwise they wouldn't have it on a computer connected to the internet. Any documents with a clearance level have to be on a classified network, tucked away from the wild. There was a much bigger problem with their setup than file sharing software if these were classified documents.

Classified vs. sensitive (1)

davidwr (791652) | more than 5 years ago | (#27029583)

In any company, there are sensitive documents that aren't government secrets.

If this was a classified file, the company is going to be in big hot water for allowing it on the public network.

If it wasn't classified, the company may still be in trouble but they may be able to save face by educating their workforce on safe computing.

The general problem this exposes is much bigger:
Companies who let their employees work from home or the road and who don't do adequate training and take adequate protection measures risk similar unintentional data breaches. These breaches can be anything from legal-but-harmful leaks like upcoming product announcements to get-fined-or-go-to-jail leaks of data like financial or medical records.

Re:Classified vs. sensitive (1)

conureman (748753) | more than 5 years ago | (#27029673)

My girlfriend works for Social Services. Budget cuts have prompted Management to assign more caseloads than feasible for each remaining worker, with the direction that these MUST be kept 95% up-to-date. The only people in compliance now are the ones taking their work home. I asked her which files were public records legally allowed out of the office, precipitating an unpleasant interlude. oops. IMHO this should be severely dealt with by statute and enforcement until the idiots can be trained to use a tiny bit of common sense regarding other people's data.
BTW, freetards FTW.

Why is this tagged "Windows"? (4, Insightful)

Wrath0fb0b (302444) | more than 5 years ago | (#27029519)

I'm pretty sure that stupid/careless employees can leak sensitive information through P2P on any OS. I'm not aware that any of the OSX/nix installs search any less widely for shared folders than the Windows versions.

Stupidity is definitely OS-independent.

Re:Why is this tagged "Windows"? (1)

gmuslera (3436) | more than 5 years ago | (#27029847)

I'm pretty sure that stupid/careless employees can leak sensitive information through P2P on any OS. I'm not aware that any of the OSX/nix installs search any less widely for shared folders than the Windows versions.

Don't remember any p2p program for Linux that shares by default the home dir, much less the Documents folder (when it is there, anyway). Sharing the Documents folder or the user dir could look reasonable in the Windows world (where you don't have practically everything that matters in that dir), but in *nix it is a big enough security hole to not include that default behaviour in p2p programs.

Stupidity is definitely OS-independent.

Some vulnerabilities make you think that choosing certain OSs could be a symptom of stupidity, especially if you have very sensitive information on an internet-connected PC.

But maybe it wasn't entirely the PC owner's fault. Could a trojan/botnet there have been used to extract that information and then, well, some botnets/trojans use p2p networks to spread/communicate or the botnet owner found that file and published it?

"windows" article tag biased (5, Insightful)

v1 (525388) | more than 5 years ago | (#27029523)

A lot of these P2P apps share your entire home or your entire computer by default when you first install them, it's up to you to go in and shut that stuff off, or at least define a specific folder to share from rather than the default.

Tagging this with "windows" isn't fair - it can affect any other system equally, this isn't a software problem, it's a user or developer issue. For example, I've worked on numerous Macs with Limewire installed on them that are sharing all the user's music automatically by default.

Re:"windows" article tag biased (0)

Anonymous Coward | more than 5 years ago | (#27029575)

Tagging this with "windows" isn't fair - it can affect any other system equally, this isn't a software problem, it's a user or developer issue. For example, I've worked on numerous Macs with Limewire installed on them that are sharing all the user's music automatically by default.

WRONG WRONG WRONG.

Serious Linux distros will run your p2p app (mldonkey for instance) as an unprivileged user (usually nobody). If your $HOME dir is securely chmoded, the p2p app won't have privileges to browse it.
If you like to run your apps as root, that's YOUR problem.

End of Story

Re:"windows" article tag biased (3, Insightful)

Reality Master 101 (179095) | more than 5 years ago | (#27029647)

Sorry, but this is ridiculous. Who doesn't have their entire home directory open to their own user? And who is going to run their file sharing app so that it can't access their home directory? That's the whole point of the file sharing app! Sheesh.

Re:"windows" article tag biased (0, Troll)

MMC Monster (602931) | more than 5 years ago | (#27029693)

The point is that the file sharing application is not run with the permissions of the current user, and therefore doesn't have access to information that isn't a+r.

That being said, file sharing applications are supposed to share files. Running these applications as a separate account with no access to files (and likely inability to have write access to the user's home directory or a subdirectory thereof) is quite brain dead.

Any power user that wishes to set up the application that way once it is installed can likely also change the folders that are shared to something reasonable.

Remember that the programmer has to account for some users having no idea which files they want to share.

Re:"windows" article tag biased (1)

sirlatrom (1162081) | more than 5 years ago | (#27029765)

... run your p2p app (mldonkey for instance) as an unprivileged user (usually nobody).

Unless your login name is "nobody", GP actually has a point. I for one like to keep my home dir safely chmod'ed to 0700.

Expecting that their distro will automagically take care of running any p2p app as "nobody" for them is another discussion - but I expect some p2p daemons actually run this way?

Re:"windows" article tag biased (1)

Morten Hustveit (722349) | more than 5 years ago | (#27029677)

If your $HOME dir is securely chmoded, the p2p app won't have privileges to browse it.

Of course, removing the read bit and disowning your $HOME will prevent `ls' and file managers like Midnight Commander from being able to list directory contents, but that's how we Unix users roll. We also like to use non-guessable subdirectory names.
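Added example, not part of the thread and not any poster's code: a Python audit of the point argued in the comments above, reporting which files under a home directory an account could read given only the classic mode bits, and whether it could enumerate them or would need to know the path already. The function names, sample file names and the "nobody"-style ids are assumptions made for the illustration; ACLs, SELinux and root are ignored.

```python
import os
import stat
import tempfile

R, X = 4, 1  # read and execute/search permission bits


def grants(st, uid, gids, want):
    """Classic Unix mode check: owner class, else group class, else other.
    Ignores root, ACLs and SELinux (assumption of this sketch)."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want


def audit_home(home, uid, gids):
    """Classify regular files under `home` by how account (uid, gids) reaches them.

    'listable'     : every directory from `home` down grants r+x and the file
                     grants r, so a folder-scanning program finds it
    'by_name_only' : directories grant x but at least one lacks r, so the
                     account can open the file only if it knows the path
    Ancestors of `home` are assumed traversable. Run this as the home's owner.
    """
    result = {"listable": [], "by_name_only": []}

    def walk(directory, can_list):
        st = os.lstat(directory)
        if not grants(st, uid, gids, X):
            return  # no search bit: nothing below is reachable at all
        can_list = can_list and grants(st, uid, gids, R)
        with os.scandir(directory) as entries:
            for entry in sorted(entries, key=lambda e: e.name):
                est = entry.stat(follow_symlinks=False)
                if stat.S_ISDIR(est.st_mode):
                    walk(entry.path, can_list)
                elif stat.S_ISREG(est.st_mode) and grants(est, uid, gids, R):
                    key = "listable" if can_list else "by_name_only"
                    result[key].append(os.path.relpath(entry.path, home))

    walk(home, True)
    return result


def build_sample_home(home_mode):
    """Constructed sample tree; directory and file names are invented."""
    home = tempfile.mkdtemp(prefix="home-")
    for sub, dmode, name, fmode in [
        ("Documents", 0o755, "blueprint.pdf", 0o644),
        (".ssh", 0o700, "id_rsa", 0o600),
    ]:
        directory = os.path.join(home, sub)
        os.mkdir(directory)
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, fmode)
        os.chmod(directory, dmode)
    os.chmod(home, home_mode)
    return home


if __name__ == "__main__":
    import shutil

    P2P_UID, P2P_GIDS = 65534, {65534}  # assumed ids of a "nobody"-style account
    for mode in (0o700, 0o711, 0o755):
        home = build_sample_home(mode)
        print(oct(mode), audit_home(home, P2P_UID, P2P_GIDS))
        shutil.rmtree(home)
```

Passing the owner's own uid instead of the service account's shows the other side of the argument: a client started under the user's login reaches every file regardless of the home directory's mode.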

It's not a user's issue (1)

Kickasso (210195) | more than 5 years ago | (#27029949)

and it's not a developer's issue. It's an IT department's issue. Why was a computer with sensitive information on it connected to the Internet? If it had to be connected, why wasn't it firewalled properly? Why was the user able to install unapproved stuff? Most importantly, why does nobody seem to be asking these questions?

RIAA (1)

XPeter (1429763) | more than 5 years ago | (#27029527)

The RIAA should take some notes. It doesn't matter how much money you spend, or how much you sue...you'll never stop P2P or anything like it.

good luck with that! (1)

v1 (525388) | more than 5 years ago | (#27029539)

from TFA: Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again.

And you're going to do WHAT? Stop using defense contractors? Train the entire world on common sense? good luck!

Peer to Peer = Terrorism (1)

Jackie_Chan_Fan (730745) | more than 5 years ago | (#27029543)

Now the government has an excuse to completely ban Peer 2 Peer. I'm sure it's complete bullshit, but it wouldn't be the first time the government lied to us about "terrorism" in order to gain financially and politically.

Topical BS (2, Interesting)

El Torico (732160) | more than 5 years ago | (#27029551)

Is it just me, or does this whole thing seem a bit too topical? I can see this meeting taking place at the Tiversa head office.

CEO - "We need to drum up business! What's a good angle to increase our visibility?"
Marketing Droid One - "Evil powers are undermining our National Security© is tried and true, Sir."
Marketing Droid Two - "It's consistently scored highly in all of our focus groups."
CEO - "That was with the last administration! We need an angle for today, people!" (makes slicing hand gesture)
Up and Coming Sycophant - "I know! The helicopter! We can say that someone stole the plans to the President's helicopter!"
CEO - "That might just work. Tie that in to the usual National Security line and send out a press release!"

I want properly configured SELinux (1, Interesting)

r6144 (544027) | more than 5 years ago | (#27029559)

There are a few sensitive files in my home directory, such as my private key in ~/.ssh and a few configuration files that contain passwords in clear text. I really don't want these files to be shared inadvertently, yet they are currently treated as ordinary files by the SELinux on my Fedora 10 system, so any process running under my account can access these files. Of course I can still relabel the files and change my SELinux policy, but this is beyond the ability of most people. It is a shame that SELinux, with its huge potential, is so hard to use that it still provides very little security for an ordinary user.

Re:I want properly configured SELinux (1)

Bromskloss (750445) | more than 5 years ago | (#27029671)

I'd like every program I run to be in a sandbox. For example, not having access to a single file without my permission.

Re:I want properly configured SELinux (1)

conureman (748753) | more than 5 years ago | (#27029817)

Simple end user protocol: Don't put confidential data online. I have several nodes that have no connection, and I don't even have kitty-porn on them. My data is damn near secure on those. Actually I was real annoyed when I was unable to locate a non-wi-fi-ready variant of a motherboard recently. Asus had it in the catalog but none of the retailers seemed to think that anyone might not want to broadcast their shit.

Should be fired and prosecuted (0)

Anonymous Coward | more than 5 years ago | (#27029565)

The responsible person should be fired for violating company policy and prosecuted for releasing secure information. I doubt it was classified information, since that would never be stored on a system connected to the internet.

The contractor needs to fire their security team and CSO too. There's no excuse for outbound traffic from desktops without going thru filtered proxies.

Next we'll find that they used commercial/free IM services too. Idiots.

Another Internet FUD post in quick succession (3, Insightful)

marco.antonio.costa (937534) | more than 5 years ago | (#27029603)

Wow. BitTorrent is really freaking the control freaks out isn't it? I guess the Pirate Bay trial must be going worse than they thought....

Re:Another Internet FUD post in quick succession (0)

Anonymous Coward | more than 5 years ago | (#27029879)

No, this has nothing to do with Bittorrent or the Pirate Bay. Bittorrent requires you to actively share, it does not "just happen" accidentally.

There is an incredibly popular Chinese (what a coincidence) P2P software (the name escapes me right now) that shares all files by default. This behaviour was not obscure a couple of years ago and I guess it is still easy to do such things with the P2P programs nowadays. Someone stupid enough to use P2P software at work where such important data is around surely is stupid enough to use the worst P2P software out there.

Conclusion: I think this is quite possible.

Re:Another Internet FUD post in quick succession (0)

Anonymous Coward | more than 5 years ago | (#27030071)

Anti-P2P legislation typically doesn't say "all these nasty auto-sharing P2P programs, but not Bittorrent."

Outside connected machines (5, Insightful)

nurb432 (527695) | more than 5 years ago | (#27029609)

Should be *banned* for security areas. If you need 'outside' for a valid reason you provide a dedicated machine for that purpose.

It's pretty simple. That company should be fired, not just the fool that caused the leak.

And I don't care what OS it runs, anything less than the above is plain reckless.

Re:Outside connected machines (2, Insightful)

igb (28052) | more than 5 years ago | (#27029651)

I've never understood the provision of paths from `inside' to `outside' in any work environment. We wash everything through application relays with RFC 1918 on the inside and no NAT. It's not perfect: a _lot_ tunnels through HTTP, for example, and we're fairly permissive with CONNECT to our proxies. But at least we have logs of every connection.
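
The connection logs this comment mentions are what make a permissive CONNECT policy reviewable. The following is an added example, not part of the comment or of any product: it assumes the relay writes Squid's native access.log layout, the log lines are constructed, and the allowed-port policy and function names are hypothetical.

```python
import ipaddress
from collections import Counter

ALLOWED_CONNECT_PORTS = {443}  # assumed policy: tunnels are for HTTPS only

# Constructed sample lines, Squid native access.log layout:
# time elapsed client result/status bytes method target user hierarchy/peer type
SAMPLE_LOG = """\
1236000001.120    310 10.1.4.22 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1236000002.450  60211 10.1.4.22 TCP_TUNNEL/200 48211 CONNECT mail.example.net:443 - DIRECT/192.0.2.25 -
1236000003.900 182044 10.1.7.80 TCP_TUNNEL/200 73400012 CONNECT 198.51.100.7:6346 - DIRECT/198.51.100.7 -
1236000004.010     12 10.1.7.80 TCP_DENIED/403 1510 CONNECT 198.51.100.9:6346 - NONE/- text/html
1236000005.300  95022 10.1.9.15 TCP_TUNNEL/200 910233 CONNECT 203.0.113.40:443 - DIRECT/203.0.113.40 -
truncated line
"""


def parse_connect(line):
    """Return (client, host, port, result, size) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, _, port = fields[6].rpartition(":")
    if not host or not port.isdigit() or not fields[4].isdigit():
        return None  # malformed target or byte count
    return fields[2], host.strip("[]"), int(port), fields[3], int(fields[4])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_connects(log_text):
    """List CONNECT entries that deserve a second look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is None:
            continue
        client, host, port, result, size = entry
        reasons = []
        if port not in ALLOWED_CONNECT_PORTS:
            reasons.append(f"port {port} not allowed")
        if is_ip_literal(host):  # heuristic: tunnel to an address, not a name
            reasons.append("destination is a bare IP address")
        if reasons:
            findings.append({"client": client, "target": f"{host}:{port}",
                             "result": result, "bytes": size, "reasons": reasons})
    return findings


def flagged_bytes_by_client(findings):
    """Bytes moved through flagged tunnels that the relay actually allowed."""
    totals = Counter()
    for item in findings:
        if not item["result"].startswith("TCP_DENIED"):
            totals[item["client"]] += item["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for item in review_connects(SAMPLE_LOG):
        print(item["client"], item["target"], item["result"], "; ".join(item["reasons"]))
```

Denied attempts are kept in the findings because they show which inside host tried to open the tunnel, even though no data moved.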

wrong target to get blame (1)

meerling (1487879) | more than 5 years ago | (#27029619)

I'll bet that they'll use this as an excuse to try and ban filesharing, when the problem isn't P2P, it's a basic I.D.10-T error. Wonder if the dope that did this works for the same company that had their entire network as internet routable addresses... Yep, their entire network could be accessed by anyone in the internet, we tested that, and their IT Manager still refused to fix his security issue. Nothing more we could do for him.

So now that they have the plans for Marine One. (2, Funny)

motherjoe (716821) | more than 5 years ago | (#27029625)

So now that they have the plans for Marine One. They can save bundles in R&D and finally build Ayatollah One.

Couldn't resist. :)

The solution.. (5, Interesting)

bjourne (1034822) | more than 5 years ago | (#27029661)

This is not a new problem, for years it has been trivial to search for passwords.txt and find hundreds of email passwords, credit card numbers and other sensitive information. Even if this is a PEBKAC issue, there are still several things that could be done to mitigate or cure the problem:
  • Special NICs that drop non-VPN traffic.
  • Hardware firewalls that drop all outgoing traffic except for HTTP and SMTP.
  • P2P software that disallows sharing of files less than say 1 MB in size. Or disallow sharing of plain text files or other documents. Usually, people are sharing media or archived software. If a .ppt file is shared, then in 99 cases out of 100, it wasn't supposed to be shared.

None of these ideas are foolproof, someone dumb enough would eventually screw up anyway. But that is not the point, the point is that there are simple engineering steps that can be taken to reduce the amount of inadvertently shared data.
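
The third idea in the comment above can also be run as an audit over a folder that a P2P client is sharing. This is an added example, not part of the original comment or any P2P client's code: the 1 MB floor and the document rule come from the comment, while the extension list, the sensitive-name list, the function names and the sample files are assumptions constructed here.

```python
import os
import tempfile

MIN_SHARE_BYTES = 1024 * 1024  # the comment's "say 1 MB" floor
# Assumed list of document and text types that are rarely shared on purpose.
DOCUMENT_EXTS = {".txt", ".doc", ".xls", ".ppt", ".pdf", ".csv", ".pst"}
# Assumed names that should never sit in a shared folder, whatever their size.
SENSITIVE_NAMES = {"passwords.txt", "id_rsa", "id_dsa"}


def share_verdict(path):
    """Return (allowed, reason) for one regular file."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name in SENSITIVE_NAMES:
        return False, "sensitive file name"
    if ext in DOCUMENT_EXTS:
        return False, "document or plain-text type"
    if os.path.getsize(path) < MIN_SHARE_BYTES:
        return False, "smaller than 1 MB"
    return True, "large non-document file"


def audit_share_root(root):
    """Walk a shared folder; return sorted (relative path, reason) to withhold."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # A link may point outside the shared tree, or be dangling.
                findings.append((rel, "symbolic link"))
                continue
            allowed, reason = share_verdict(full)
            if not allowed:
                findings.append((rel, reason))
    return sorted(findings)


def build_constructed_share(root):
    """Constructed sample: a share root pointed at a whole home directory."""
    samples = {
        "music/album.flac": 3 * MIN_SHARE_BYTES,
        "music/cover.jpg": 40_000,
        "work/briefing.ppt": 2 * MIN_SHARE_BYTES,
        "passwords.txt": 120,
        ".ssh/id_rsa": 1700,
    }
    for rel, size in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.truncate(size)  # sparse file of the requested size
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_share_root(build_constructed_share(tmp)):
            print(f"WITHHOLD {rel}: {reason}")
```

The large .ppt is caught by the document rule even though it passes the size floor, which is why the comment's two conditions are checked separately.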

Re:The solution.. (1)

Jeff DeMaagd (2015) | more than 5 years ago | (#27029737)

Do these programs even tell you in any plain manner that they are sharing the contents of the computer? I get the impression that they don't, that you have to know that it defaults to "open kimono mode" (i.e., it shares your entire computer) and specifically turn it off in the settings.

Re:The solution.. (1)

Rynor (1277690) | more than 5 years ago | (#27029961)

The ones I used in the past clearly had a list displayed the first time you started it, where you could select directories you wanted to share.

The whole problem here is not these kinds of programs, but the idiots using them.

This is why (4, Insightful)

Reality Master 101 (179095) | more than 5 years ago | (#27029667)

... and this is why you have draconian policies in many companies about installing ANY unapproved software. I've seen people complain about "just let me do my job" and install anything they want, but the fact of the matter is that it only takes one dumb-ass like this to wreak major havoc.

Re:This is why (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27029807)

I've seen people complain about "just let me do my job" and install anything they want, but the fact of the matter is that it only takes one dumb-ass like this to wreak major havoc.

Which is why it should be a policy enforced by the computer, not a written policy. Windows has various options to control this. For example, you can provide a whitelist of allowed applications, or only allow applications signed by the administrator. These features have been available for years and I'm still amazed that most businesses don't use them.

Re:This is why (2, Insightful)

nightfire-unique (253895) | more than 5 years ago | (#27029931)

... and this is why you have draconian policies in many companies about installing ANY unapproved software. I've seen people complain about "just let me do my job" and install anything they want, but the fact of the matter is that it only takes one dumb-ass like this to wreak major havoc.

On the other hand, businesses exist to make money. Too far in the restrictive direction, and the employees will become unproductive and leave. Damned if you do, damned if you don't, I suppose.

It's all about balance - security is a process, not a rule set. If the security group is responsive to employee requests, and the rulebase is reasonable, a happy medium can be achieved - some security breaches, and some productivity.

Re:This is why (1)

mariushm (1022195) | more than 5 years ago | (#27029975)

Actually, I would dare to say it's the people's fault for storing sensitive files in the Documents folder in the first place.

Sensitive data should be read from a network drive only when needed, and there should be a log with who opened it, who saved it and so on, much like a SVN/CVS whatever.

Also, a very important rule that every company should teach programmers and employees is NEVER STORE DOCUMENTS ON THE BOOT PARTITION.

If for some reason Windows goes berserk/crashes/you get infected with a virus, the easiest solution is to simply reinstall the operating system, formatting the boot partition.

Most often someone will forget about some documents on the boot partition and will lose stuff.

Teaching this solves the "automatic sharing of My Documents by p2p software" automatically, as people will no longer use it to store stuff.

Yep (2, Insightful)

Sycraft-fu (314770) | more than 5 years ago | (#27030011)

Also I've discovered that quite often, the reason people want the ability to install software is precisely because they want shit they know they shouldn't have at work.

I work for a university, so there isn't a hard and fast rule on admin for users. We'd like that nobody has it, because there are fewer problems, but due to various reasons including academic freedom and research groups owning their own systems, we have to allow it when professors request it.

Now you might assume that the reason a grad student would want admin access is just to make their work easier. They can install software when needed, without asking IT. In some cases, that is it, though there is still software you have to ask us to install since it is centrally licensed. In other cases, there are software/hardware combos for particular research that just won't run without admin. So we certainly get some legit requests.

However there are more than a few grad students that get admin, and then set about installing shit they shouldn't. Normally we find out fairly quick because some of it tends to be infected with viruses. The whole reason they want admin is not because it'll make their research easier, but because they want to install P2P apps, Skype, and so on to screw around.

I'm willing to bet the same holds true at companies. I'm sure some people need software that IT doesn't install by default to make their job easier. However I'm sure other people want to install stuff that isn't work related, and that's why they don't ask the IT department to do it and instead insist on getting admin access. While some people might say "So what? People goof off at work, why not let them?" this shows the reason. The reason isn't that IT is worried about you goofing off, the reason is they are worried about security problems.

More than embarrassment, and not just that person (1)

DaveGod (703167) | more than 5 years ago | (#27029723)

someone from the company most likely downloaded a file-sharing program, typically used to exchange music, without realizing the potential problems. 'I'm sure that person is embarrassed and may even lose their job,

I'm sure he is embarrassed and his job is in question. However that's not what will be freaking out the bosses. This is a systems failure, they should have had prevention and detection controls in place.

This is confidential data. Commercially sensitive data. Military data. There's a duty of care, contractual and legal obligations that lie not on the employee but the company and its directors for failing to adequately protect it. Even if there's no legal action the company's customers and suppliers will have to think twice about dealing with them.

Ha! Just kidding. The employee will get fired, maybe the IT manager too, and those tasked with the duty of care (directors) will carry on unscathed, and the customers and suppliers won't take the slightest bit of notice since hey it's got nothing to do with them.

Epic career limiting move (2, Funny)

RobertLTux (260313) | more than 5 years ago | (#27029755)

So what's the high/low on this person having a GitMo vacation??

Re:Epic career limiting move (1, Insightful)

copponex (13876) | more than 5 years ago | (#27029813)

No chance. [cnn.com]

There's an administration in place that understands that sacrificing our values to fight an enemy without values is self-contradictory.

Imagine that?! (1)

erroneus (253617) | more than 5 years ago | (#27029757)

People who don't understand what they are doing are also making huge mistakes!

In our consumer-safety world, we blame the manufacturers/publishers of products for when their use results in harm of some kind. We do this with cars, refrigerators, shoes and drugs. Somehow we have yet to address this problem with software... or more precisely, we have EULA'd ourselves out of any recourse on the matter.

People want to share stuff on the P2P (which doesn't always mean bittorrent... it can also mean other protocols like gnutella or whatever the earlier types were) but don't fully understand what they are doing... and in as far as getting what they want, are willing to ignore trivial problems like security. People are operating complex systems with sensitive information and mixing that with software that doesn't respect it. There are a lot of contributing factors to this problem. One might be using a consumer-oriented operating system in sensitive data handling. (There once was a time when people used mainframes and unixes for "serious" business information that needed controls and desktop operating systems for clerical and similar types of work... why did that end?) Good IT practices have fallen with the amount of pay and respect IT people receive. The ones who cared and took their jobs seriously exited the field to be replaced by people who are willing to deliver to some really stupid demands.

People, business, industry and government need to take a good look at where their data is being handled. Marketing trends and "ease of use and availability" have trumped good sound practices and policies and the results are clear and obvious. If data needs to be controlled, use a terminal or at least remote desktop to get to it. Sure, you can have Windows on every desktop and workstation as long as access to critical data can't be available through a drive letter or other network mapping.

Why worry? (0)

Anonymous Coward | more than 5 years ago | (#27029787)

Iran is America's new best friend in the Middle East.

Deliberate. (4, Interesting)

lawrenceb (106971) | more than 5 years ago | (#27029791)

Funny how this should happen so recently after Obama and McCain publicly agreed that the plan to replace the aging Marine One fleet should be cancelled...

http://www.nytimes.com/2009/02/24/us/politics/24chopper.html [nytimes.com]

Re:Deliberate. (4, Interesting)

cicho (45472) | more than 5 years ago | (#27029905)

Here's more. The new Marine One fleet was to be built not by Sikorsky, as has always been the case, but by an Italian manufacturer Finmeccanica. Apparently the bidding and selection process itself was suspect, and pilots objected. This may also be why Obama wants the project reviewed. The article below posits a particular theory about the apparently crooked deal with Finmeccanica, which may or may not be correct, but the facts remain regardless of their interpretation:

http://www.alternet.org/audits/127832/ [alternet.org]

planted fakes? (2, Insightful)

Bobtree (105901) | more than 5 years ago | (#27029811)

If I worked for US counterintelligence you can bet I would develop and plant fake leaks that sound just like this sort of thing. Then again, I may be giving too much credit. Occam's Razor prevails.

BULLSHIT (0)

Anonymous Coward | more than 5 years ago | (#27029839)

I cry bullshit on this. I don't believe this crap at all.

We get the reports recently of AFIT building an anti-file sharing box, and then we hear of all these other 'dangers' of file sharing programs.

I work for a contracting company, and I know damn well that this isn't possible from the military side of the house. So, if some info got loose, then this is because some asshat 40+ year old contractor took his damn laptop home with sensitive information, and voila, instant file loss.

highly sensitive blueprints for Marine One (3, Funny)

julian67 (1022593) | more than 5 years ago | (#27029843)

plz seed

What a coincidence! (1, Informative)

Anonymous Coward | more than 5 years ago | (#27029913)

What a coincidence that a security breach on the president's current Marine One became known right after he nixed the multi-billion dollar plan to get new ones.

http://www.nytimes.com/2009/02/24/us/politics/24chopper.html?ref=politics

Huh (1)

Snowspinner (627098) | more than 5 years ago | (#27029933)

Maybe the helicopter he has isn't adequate after all.

Outsourcing the wrong way (1)

meist3r (1061628) | more than 5 years ago | (#27029951)

And suddenly your sources were out ...

I am really astonished by what can call itself a "defense contractor" in the USA. Most other places probably have similar idiocy in place but this is just laughable at best. You entrust a company with the security of your files (let alone the nation) and they can't set up Kazaa so it won't share "C:\Documents and Settings\All Users\National Secrets"? Wow ... and I thought the credit crisis was a problem of epic proportions.

My Experience... (1, Informative)

Anonymous Coward | more than 5 years ago | (#27029953)

I was on my ship-won't say which one-processing our morning traffic, and we'd recently switched over to using Outlook on the secure lan. There was an airgap between the SIPR and NIPR side of the house, so there were no worries, or at least there shouldn't have been.

Well, I'm processing the UNCLASS traffic, and what should come into the ship's inbox but an email from an outside email address. I clicked on it, and Norton went berserk, locking it down and freezing it before it could do anything. I forget which virus it was, but this was back in the late 90's.

Since it was safe to look at using notepad, I dug into it and found out the email itself was what we call a "MOVEREP", or ship's movement report. Those are classified, usually confidential. You don't want the enemy to know where you are going to be, after all.

It turns out the captain had carried the moverep home on a floppy (sneakernet ftw) to work on it, and had inserted it into his home machine. BIG no-no. And the machine-which was infected-dutifully grabbed the message and sent it out as a virus-infected file to everyone in the captain's private email list. Based on the TO: field, I'd say there were some 75 people that got a slightly jumbled moverep mixed in with private email and porn, and a serious case of "WTF-itis"

The captain didn't get in too much trouble, since it was later learned that sneakernet editing of movereps was actually quite common in those days. LOTS of work got taken home, and officers were already kind of lax about security. But it still highlighted a serious security risk and that hole was quickly plugged. All the officers got additional training, and ship's captains got private lines installed at home if they needed it.

One of the less painful "lessons learned" I've had the chance to witness.

Nothing to worry about. (3, Funny)

eiapoce (1049910) | more than 5 years ago | (#27030001)

Don't worry, I am sure the Iranian ISP has a three strikes policy and terrorists will be soon cut off the internet.

Last Line (1)

Oakk (1453545) | more than 5 years ago | (#27030013)

"Rep. Jason Altmire, D-Pa., said he would ask Congress to investigate how to prevent this from happening again."

Seems like the best way would be to fire anybody in the IT department, possibly the entire company.

Hmmm (1)

Zooperman (1182761) | more than 5 years ago | (#27030055)

The Congressional investigation mentioned in the original story (which would potentially cost millions of course) wouldn't be necessary if people would just effing learn something about how computers work. Investigation complete. Can they just give me the money instead? =D