If you visit Washington, locals will point out when the President leaves in a convoy of helicopters, most of which are there to protect him from bad guys. It’s quite an inspiring sight. His helicopter is called Marine One.
But the helicopters are getting on in age, so there has been some discussion about an overpriced helicopter that was to be bought to replace the President’s aging Sikorsky Sea-King helicopters, that transport him to and from the airport.
Presumably, information and technical data of the new helicopter should be top secret, partly to stop “industrial espionage” (stealing the design by another company who can make it cheaper since they don’t have to do research) but also for security reasons. I presume an expert might spot a weak spot in the design and could use it to harm the President.
But now, it seems, the data on the new helicopter has been found on line in Tehran.
The strange thing is that the security “leak” was picked up in June by a security firm Tiversa.
In June, Tiversa said it warned the federal government that an IP address in Iran was searching for information.A few months later, Tiversa said they discovered the helicopter documents while searching file-sharing programs, but at that time they hadnâ€™t been downloaded to Iran.Then last week, Tiversa discovered those same documents had been downloaded to the IP address in Iran.
That really makes me safe. The “copyright” police are right there threatening teenagers who “share” Brittany Spears music, but no one seemed to have been bothering to trace those who had downloaded the top secret helicopter information on their hard drives.
Apparently someone who had the plans on their hard drive also was using Limewire, a “P2P” software program that lets you share information over the web.
For example, if you want to download and listen to Matt Monroe’s “Born Free”, you simply install Limewire on your computer, and then do a search for “Matt Monroe” or “Born Free”. The search engine will search specific folders on the computers of everyone who is on line using the program until they find the song.
When you install the program, it allows you to decide what folders contain files (songs, movies, porn) you want to share. If you are careless, you might accidentally “permit” downloads from folders that have personal information or files that you don’t want to share with others.
Apparently, that’s what happened here, and presumably the culprit was a defense contractor who had accidentally allowed Limewire to download information from a folder that contained the information about the helicopter.
So all the bad guys had to do is find the right file name, and voila: mission accomplished.
The older “Limewire” program, you didn’t even have to know the correct filename: it even allowed you to search all the permitted folders on someone’s computer. Let’s say you found a song by Matt Monroe to download. You could ask Limewire to search the open files of the guy who had that song on his computer, and voila, you can download his Nat King Cole and Frank Sinatra songs too.
The leak has resulted in the Obama administration calling for a major overhaul in security for those who have access to top secret programs, which have been lax:
The US Government Accountability Office criticised the Department of Homeland Security last September for failing to “satisfy its cybersecurity responsibilities”, while a congressional panel warned in November that cyber-espionage efforts from China posed a growing economic and information security threat.
If your business has lost information via P2P, Tiversa has this checklist on how to handle the problem LINK.
Presumably, someone who allowed the program to float for several months on the Limewire P2p network without trying to stop it or check who had the information will be sent a nasty letter.
And finally, StrategyPage notes that the newer “bittorrent” type programs are safer from a security standpoint, since they don’t allow the “search my drive” option.
The best quote in this major security breach is this tongue in cheek comment from Gizmodo:
the leak happened because an employee…accidentally stored the files in a P2P folder… Before long, the files had been uploaded to ~~xOsamaFanIran74x~~ and the intelligence community fell into a tizzy, all because some guy wanted to catch up on Big Love during his lunch break.
Nancy Reyes is a retiredÂ physician living in the Philippines.Her website is Finest Kind Clinic and Fishmarket.