Obama Helicopter Data Leaked Via P2P File Sharing
Tiversa, a security company based in Cranberry Township, Pa., reported that a security breach last summer exposed military information to an IP address in Tehran, Iran, that included engineering upgrades, aviation blueprints and financial information for Marine One, as well as communications and other computer network information, according to Pittsburgh station WPXI.
Bob Boback, Tiversa CEO, told WPXI that the company was able to trace the file to a defense contractor based in Bethesda, Md., and said that he believed the files were probably exposed, and possibly compromised, through a P2P file-sharing network such as LimeWire. The files were exposed over an open firewall port on the Gnutella network. In addition to the leaked classified information, the contractor's internal e-mail communications, as well as calendar and contact information, also were exposed.
Boback said that the insider responsible for the breach likely downloaded a file-sharing program to share music, not realizing the potential security risks involved.
Meanwhile, other security experts say that the popularity and momentum of file sharing have resulted in a barrage of security breaches via P2P in recent years, the majority of which were accidental.
"The average knowledge worker is probably not attuned to firewall settings. If there's something really damaging, it's probably going to be inadvertent," said Steve Yin, vice president of worldwide sales and marketing for Web security company St. Bernard Software.
However, Yin said that ultimately the defense contractor should have been responsible for managing and securing its ports to prevent information from leaking over the network.
In order to avoid these kinds of security breaches, businesses and organizations would be required to secure their networks with Web-filtering solutions, intrusion prevention and data loss prevention security measures, Yin said.
"Best practices say that you want to have those three layers. You'd expected defense contractors to have that. It's generally midenterprise and above that solid three layers plus security deployments," Yin said.
Yin added that regularly patching security vulnerabilities will help secure the infrastructure for smaller businesses with limited budgets and resources.
"Patches are available and not deployed and therefore exploited. You've got to take care of the stuff you've got," Yin said.
Meanwhile, Yin said that there could likely be an upsurge of security breaches this year and beyond as more laid off and disgruntled workers find ways to damage their employers by leaking or stealing confidential information during the down economy.
"People are under a lot of economic stress, and they're going to be doing things that they don't normally do," Yin said. "This is yet another example of how Web security is kind of meat and potatoes status for resellers."