File-Sharing Program On Defense Contractor's Computer Allowed
Access To Sensitive Info
During a recent computer traffic analysis, Pittsburgh-area-based
internet security firm Tiversa discovered a security breach that
had resulted in sensitive information about Presidential helicopter
Marine One falling into the hands of a computer network based
in Tehran, Iran.
Tiversa traced the information back to a Maryland government
contractor, where access was inadvertently provided by an
employee's download of a file-sharing program which allowed others
to view files containing government blueprints and avionics
specifications on Marine One, via a P2P protocol.
Tiversa CEO Bob Boback told Pittsburgh's WPXI-TV, "When
downloading one of these file-sharing programs, you are effectively
allowing others around the world to access your hard drive." Sam
Hopkins, Tiversa co-founder and chief technology officer, told CNET
the breach was discovered last fall, and brought to the attention
of the Department of Defense.
"The entire avionics system of the president's helicopter, and
various upgrades by contractors" had been accessed, Hopkins said.
"In this case, it was over in Iran, where they were actively
trolling for information. We weren't actively looking for this, but
(the information) came back to our data center and matched one of
our signatures which we then analyzed."
Hopkins went on to say that despite the use of secure networks,
breaches are usually opened by the use of file-sharing. "Everybody
uses (P2P). Everybody. We see classified information leaking all
the time. When the Iraq war got started, we knew what US troops
were doing because GIs who wanted to listen to music would install
software on secure computers and it got compromised."
When asked his professional opinion about the scope of such
breaches of security, Hopkins replied, "This is the biggest
security problem of all time. Coming from me, it sounds biased. But
you can get 40,000 Social Security numbers out there at the drop of
a hat. We've had people come into our data center and we've shown
them things that are out there on P2P and they go away with their