File-Sharing Program On Defense Contractor's Computer Allowed Access To Sensitive Info

During a recent computer traffic analysis, Pittsburgh-area-based internet security firm Tiversa discovered a security breach that had resulted in sensitive information about Presidential helicopter Marine One falling into the hands of a computer network based in Tehran, Iran.

Tiversa traced the information back to a Maryland government contractor, where access was inadvertently provided by an employee's download of a file-sharing program which allowed others to view files containing government blueprints and avionics specifications on Marine One, via a P2P protocol.

Tiversa CEO Bob Boback told Pittsburgh's WPXI-TV, "When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive." Sam Hopkins, Tiversa co-founder and chief technology officer, told CNET the breach was discovered last fall, and brought to the attention of the Department of Defense.

"The entire avionics system of the president's helicopter, and various upgrades by contractors" had been accessed, Hopkins said. "In this case, it was over in Iran, where they were actively trolling for information. We weren't actively looking for this, but (the information) came back to our data center and matched one of our signatures which we then analyzed."

Hopkins went on to say that despite the use of secure networks, breaches are usually opened by the use of file-sharing. "Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what US troops were doing because GIs who wanted to listen to music would install software on secure computers and it got compromised."

When asked his professional opinion about the scope of such breaches of security, Hopkins replied, "This is the biggest security problem of all time. Coming from me, it sounds biased. But you can get 40,000 Social Security numbers out there at the drop of a hat. We've had people come into our data center and we've shown them things that are out there on P2P and they go away with their minds blown."

FMI: www.tiversa.com