Yemen: Yemen has an internet snooping program…really?!
So, I was reading an article today about the recent fiasco over the Marine One specs found on a P2P network source in Iran, when I came across this statement by the President of the company that made the discovery:
…Iran isn’t the only country that is sniffing P2P networks looking for information. “We’ve noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.”
Yemen? Really? I just find this odd, at least odd that it would be one of only four named countries. Yemen is not normally known for being a bastion of tech-savvy computer nerds.
I don’t doubt that the Yemeni government would be interested in whatever information it could get its hands on…but where on a list of priorities does it really rate? Could this just be that CEO Boback figures a good way to sell his company is to raise some eyebrows by mentioning security-prone countries?
Marine One info leaked to Iran via P2P network – how did this happen?
by Steve Ragan - Mar 2 2009
The engineering, financial specs, and communications information used on Marine One, President Obama’s helicopter, were leaked over a P2P network to a system in Iran, according to reports. The leak was traced back to a defense contractor in Bethesda, Md.
The information was discovered by Tiversa, a company that provides P2P monitoring and protection services to governments, corporations, and even individuals. The company says its technology can monitor over 450 million users issuing 1.5 billion searches a day. While doing routine work in 2008, Tiversa discovered the information and alerted the defense contractor.
Bob Boback, CEO of Tiversa, has said in various interviews that the file with the Marine One details was discovered on the Gnutella network. It is very likely, Tiversa stated, that the contractor didn’t even know it was handing out this type of information.
“Someone installed [Gnutella] and it may have been a buggy client. All it takes is for someone to say, ‘Hey, do you have anything on this client?’ and it gets downloaded. We see 50 of those a day. There was a large publicly traded company which accidentally just disclosed all their forecasts and M&A plans throughout 2009. A person leaked all his files and all his internal e-mail conversations as well as his calendar and all his contact information,” Boback said in a CNET interview.
According to Boback’s interview with WPXI in Pittsburgh, Iran isn’t the only country that is sniffing P2P networks looking for information. “We’ve noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence.”
Trolling P2P sites is nothing new, criminals do this all the time. The problem is not that the specs for Marine One were discovered on a P2P network, nor is it that they are in the hands of someone in Iran. The problem is that a United States defense contractor failed to monitor what was installed on their systems.
Contractors, government or not, spend millions on network security. They have to, because with the business they are in, secrets must be kept. How is it a defense contractor managed to let a P2P client get past the layers of security and traffic monitoring that are supposed to exist?
The contractor who is to blame for this was never named. There is no way to know what measures were in place to protect this type of information. Likewise, even Tiversa admits that they are unsure just how sensitive the information discovered is. For all the public knows, the Marine One specs located are way out of date.
Should the government worry about this type of information leak? Yes, there is simply no reason for it to happen. Defense contractors should be held to the same strict information management practices that government agencies are held to.
Now there is no denying the obvious irony that a company who monitors P2P traffic and security discovered sensitive information. This is a perfect way for them to prove that their solutions hold value. Yet, application whitelisting, strict policy enforcement on the systems, and strong DLP measures would also do the same trick.
Again, no one knows what value the Marine One specs hold, for all we know they are outdated and mostly worthless. In addition, no one knows what security measures were in place on the defense contractor’s network.
The solid fact is that something went horribly wrong, and someone is going to lose their job over this.
Trey,
P2P spyware is aimed at networks - data and messaging internal to companies and institutions.
If considered, and as a backstop to the joint venture committees, they’d be most interested in oil company internal comms on reservoir development, reserves to production, spending on exploration - etc. But trawling the traffic is one thing, analysing the feed is another. Heavy workload - better to do it on the basis of trust / personal relationships between techies?
Thanks,
Henry
Good points Henry.