News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


IT Blogwatch's picture
IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

More posts | Read bio

March 2, 2009 - 5:37 A.M.

Iran leeches Obama's helo. plans, peer2peer

5 comments

In Monday's IT Blogwatch, Richi Jennings watches the fear, uncertainty, and doubt surrounding the discovery of Marine One blueprints on a peer-to-peer network. Not to mention how extra airline fees may have gone too far...

WPXI-TV's Target 11 team reports from Pittsburgh:

Marine One (U.S. Marines; public domain)A Cranberry company that monitors peer-to-peer file-sharing networks discovered what it said is a potentially serious security breach involving President Barack Obama’s helicopter.Tiversa employees found engineering and communications information about Marine One at an IP address in Tehran, Iran.
...
Tiversa also found sensitive financial information about the cost of the helicopter on that same computer ... Bob Boback, CEO of Tiversa ... said someone from the company most likely downloaded a file-sharing program, typically used to exchange music, not realizing the potential problems.more


John Byrne adds:

A Pittsburgh-area company ... found a file detailing the helicopter's blueprints and avionics package, which it then traced to its original source ... Tiversa notified the U.S. government immediately so that the security breach and its potential effect on President Obama could be dealt with.
...
Retired Gen. Wesley Clark, an adviser to Tiversa, said he knows exactly which U.S. computer leaked the Marine One information, and that that person may soon be unemployed.more


Rex Dixon is royally mad: [You're fired -Ed.]

Here is the first issue - Why was a government contractor not trained to know that having LimeWire or BearShare on a computer with sensitive planned engineering upgrades, avionic schematics, and computer network information is a big no-no? Secondly, and even more important - What pirated music or movies is that important to have during work hours?
...
As of now, the above seems to be the only information we currently have on this. Until more information is out there, if I were President Obama, I think I would take ground transportation until the total security of Marine 1 can be accounted for - bolt by bolt, screw by screw, and wire by wire. Sorry if that sounds like someone has a long few days ahead of them, but we can’t be too complacent about the security of the President of the United States.more


Omar Ha-Redeye has the IT angle:

If Marine One can be hacked, ABC LLP is probably not that much more secure. Network administrators should probably monitor for peer-to-peer programs that may expose vulnerabilities to confidential client information.more


jd142 clarifies:

Many of the old school peer to peer file sharing apps *by default* shared your documents folder. You could turn it off, but most people don't.

Many confidential files have been leaked this way ... If you were a company or nation involved in espionage, getting on a p2p network and searching for files with obvious names would be a good place to start.more


Rich0 is astounded:

Data like this shouldn't even be on a computer with a physical link to the internet at all. Classified data should stay on classified networks. Period.

I know a guy at a defense contractor. They isolate their networks containing classified data. If they need to remove a file from the room they reimage a desktop with a known safe image, copy the file onto that PC from a CD burned from a classified PC. They then scrub the files with software that does stuff like wipe unallocated space, check for word versions, PDF comments, etc. Then that desktop is used to burn a new CD with just the intended files. Then they securely wipe the desktop. That one CD that was created in this fashion is then allowed to leave the room.more


Dun Malg invokes Hanlon's Razor:

With the VH-71 Marine One replacement program getting the stinkeye for its ridiculous cost overruns, for once the conspiracy thing has me suspicious. It's likely the plans being on P2P part is entirely coincidence, and the publicity of the incident is the conspiracy, but I can see it happening. The question now is, which Marine One plans are they? Are they the plans for the helicopters currently in service, and the conspiracy is trying to save the VH-71 program, or were they the VH-71 plans and the conspiracy is trying to kill the VH-71 program?

Really though, it's probably just unrelated coincidence. Most things like this are completely unplanned. Conspiracies require competence, and you just don't find that in government much.more


LordEd has A New Hope:

If the Rebels have obtained a complete technical readout of this helicopter it is possible, however unlikely, that they might find a weakness, and exploit it.

Does the helicopter have a long trench leading up to a ventilation shaft?more


And finally...

Buffer overflow:

Previously in IT Blogwatch:

Other Computerworld bloggers:


RSS feed icon Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.

What People Are Saying

Add new comment

In a situation of crime and

Submitted by Sysuser on March 4, 2009 - 11:17 A.M.

In a situation of crime and security, it is usually good to follow the money while starting an investigation, Who gets to gain from the leaking of the Marine One specs.

1. Does Iran get to gain security advantage by having the specs of Marine One leaked.

2. Does someone else get to gain "another" type of advantage by having the specs of Marine One leaked.

Answer:
-------

...its easy to kill a dog by first giving it a bad name....

First and foremost,

At face value one would think that its true, that Iran was trying to obtain and utilise the security and design details of Marine One. On one hand one can deduce that Iran is trying to gain military leaverage by obtaining the military specs of Marine One.
Yet on the other hand, one starts to smell a rat when you realise the following:

1. it is not in the interest of Iran's military ambition to bring about increased suspicion upon itself, attempting to get the details of the Marine One in itself would have been a stupid step at keeping under the radar.

2. The military industrial complex benefits financially whenever there is a war, security threat or rumour of war, hence the detail of the Marine One could easily have been planted in a way the would make the public perceive Iran as an iminent security threat to the President of the United States. Remember all evidences and investigations point to the fact that Neo-cons deceived Americans into going into a War with Iraq and Afghanistan by planting the false information that Taliban and Saddam had something to do with the 911 attack, despite the fact that evidences point to the contrary.

3. Neo-conservatives are a branch of the New World Order hence it is no suprise a lot of Geo-political Manipulation of the World and the America citizens is being done in other to bring about an establishment of their goals and plans through fear mongering.

4. Neo-conservatives are looking for every possible reason to go make the US go to war with Iran.

5. Military Industrial complex gains financial benefits from the security fall out of having to protect the president from a new security loophole that has been created as a result of the leaked security details of Marine One.

6. The President just recently scrapped the recent development of a "New Presidential Helicopter" (an undesirable loss of money to those who have already invested in the project), hence it is in the interest of those private investors if the President can be forced to continue the development and procurement of a new generation of Presidential Helicopters by making sure that the current Presidential Helicopter i.e. Marine One becomes a security risk by leaking its details to the visible perceived threat to the US (i.e. Iran in this case).

7. Iran is not really as sophisticated as Neo-Cons would want everyone to believe.

8. Marine One specifications could easily have been leaked to the Irans as a bait through which Neo-Cons would then have a reason to call Iran a security threat such that it would thus be easier to drum up support for a reason to attack Iran.

9. Linking the leaked details of Marine One to the Iranians is a good way for Neo-Cons to manipulate the American public into thinking that Iran poses a domestic and foreign security threat to the US, because they end up manipulating the public into thinking that Iran has developed the capability to strike at the Marine One Presidential Helicopter.

I hope the American public would resist being duped into allowing US to wage a military campaign against Iran and I hope the US would resist allowing the Military Industrial complex to manipulate the people into continue to fund programs the continue to enrich the Elites and Neo-cons while impoverishing the general public.

Secondly, everyone needs to realise that just P2P networks do not share information by itself, rather it is people that use P2P networks to share information. information being shared via P2P networks can both be good and bad, however that does not warrant labelling P2P networks as completely evil in itself. Also it is an open secret that Neo-cons and the New World Order have being doing everything possible to restrict the freedom of the internet and the American people, hence it is easy for them to also use the case of the leaked Marine One details to further introduce measures that further restrict the freedom of information and freedome of the internet.

Hence i also hope the american people would also resist this attempt at introducing further laws and controls that would ultimately further restrict the freedom of the american people.

Reply | Report this comment

TINNWO

Submitted by IT Blogwatch on March 4, 2009 - 11:33 A.M.

Ah, the New World Order. Right.

Yes, now you put it like that it makes perfect sense...

Reply | Report this comment

Sounds like hype.

Submitted by Brad F on March 2, 2009 - 10:02 A.M.

Problems with this,
1. Classified information on an unclassified and public system and network.
2. Ability of the employee to install unapproved software onto the PC, especially a software used primarily for the pirating of software, and other copyrighted material.
3. Corporate Network monitoring usually prevents use of P2P software through port blocking measures to protect the network from probing and network attacks.
4. The upgrade/replacement of Marine One, was postponed due to costs and the economy.

To me this sounds like a company afraid to lose their contract, and an administration forced to use an older helicopter, sabotaging, staging, or fabricating the entire event so business can continue moving forward as planned without public backlash.

The Deal is tainted,... Find a new contractor, this one has no concerns for security.

Reply | Report this comment

Your point number 2 and 3...

Submitted by Anonymous on March 2, 2009 - 1:17 P.M.

May I remind you also that cars as opposed to bicycles are primarily used to commit bank robberies and other crimes.
Back to earth now, P2P client allows you to download legal as well as illegal software or content so stop saying P2P equals pirating.
Oh, and for your information, I always download my legal copy of Linux via BitTorrent while I download cracks, serial numbers, key generators and other pirated stuff using plain old HTTP protocol in my Internet browser... Just kidding!!!
As for your point number 3 it's getting worse. You're trying to tell us installing P2P equals network attacks from outside...
I'll just stop here but not before thanking you for entertaining us.

Reply | Report this comment

You're being defensive and missing the point

Submitted by Anonymous on March 2, 2009 - 5:33 P.M.

The previous poster was describing how this reflects a company not interested in securing the President, but instead staging an event to continue lucrative contracts. You're freaking out over how P2P can be used for other uses besides music "sharing". Espionage and corruption are two more.

Reply | Report this comment

Related Posts

Skype caught in Chinese PR SNAFU
USAF email security SNAFU in UK (and no-shorts.ar)
Google Chrome bug bounty: download $1337
Security lies #1: "You're protected from newly-infected web sites"

Editor's Picks

Attacks likely against Windows, PowerPoint, researchers say

Mitch Wagner: Google Buzz buzzkill

Chinese artist-dissident lauds Google plan to stop censoring

Micron acquires flash memory maker Numonyx

Judge dismisses Windows anti-piracy software lawsuit

New Russian botnet tries to kill rival

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.