Sunday, March 1, 2009

Marine One Plans in Tehran - File Sharing Software and Sloppiness

Information about Marine One showed up at an IP address in Tehran, Iran. Not the sort of generally-available photos and description that' publicly available. Sensitive engineering and communications data.

Not good.

It looks like a defense contractor in Bethesda, Maryland, had file sharing software on the same computer that contained the sensitive data. File sharing software can be useful and entertaining: It can let employees in a company communicate more effectively, or let people listen to nifty music on their computers.

And, some of those nifty bits of file-sharing software let others look around inside your computer. Not a very good idea.

When you're a company in Bethesda, with engineering specs for Marine One, it's a downright bad idea.

Good News: This Leak Was Found

A company called Tiversa is in the business of not being sloppy about cybersecurity - and spotting problems. Tivers'as CEO, Bob Boback, said, " 'We found a file containing entire blueprints and avionics package for Marine One,which is the president's helicopter.' " (WPXI)

Most coverage of this story, that I've seen, is on a Pittsburgh, Pennsylvania, station's website.

Some of it's good news:

"...Retired Gen. Wesley Clark, an adviser to Tiversa, said, 'We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.'... "

Some of it's not so good:

"...Iran is not the only country that appears to be accessing this type of information through file-sharing programs.

" 'We've noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence,' Boback said...."

Transparency and Openness: But Not About Marine One

It would be nice to live in a world where shop doors could be left unlocked at night, so customers could walk in, take what they want, and leave an IOU by the register. We could save a lot of money, if banks didn't need those big, heavy doors between their vaults and the rest of the building.

Here, in the real world, it's not safe to leave doors unlocked and unattended. And, it's neither safe nor smart to have intrusive file-sharing software on your computer.

When the computer has plans for Marine One on it, it's not just sloppy. It's potentially lethal.

Marine One Plans, Missing Laptops, and Sloppiness We Can't Afford

I've written - maybe harangued - before, along the lines of "there's a war on." This is Marine One snafu is serious. Maybe as serious as all that credit card information that gets stolen.

It would be nice, if Americans start un-learning the sloppy habits we've developed.

Related posts: In the news:

2 comments:

Capt. Anon said...

Check out http://www.globalpost.com/dispatch/pakistan/090211/exclusive-the-wrong-hands for more on the insecurity that results from a lazy approach to opsec.

Thanks again AWOTB for your diligent work!

Brian, aka Nanoc, aka Norski said...

Capt. Anon,

Again, thanks for commenting: This time with a URL. (http://www.globalpost.com/dispatch/pakistan/090211/exclusive-the-wrong-hands)

About "a lazy approach to opsec." - I've harangued about that sort of thing before. Using this blog's search function (upper left on screen) with 'sloppy' (no quotes) as a search term should get you to relevant posts.

And, my pleasure.

Unique, innovative candles


Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle Store

Blogroll

Note! Although I believe that these websites and blogs are useful resources for understanding the War on Terror, I do not necessarily agree with their opinions. 1 1 Given a recent misunderstanding of the phrase "useful resources," a clarification: I do not limit my reading to resources which support my views, or even to those which appear to be accurate. Reading opinions contrary to what I believed has been very useful at times: sometimes verifying my previous assumptions, sometimes encouraging me to change them.

Even resources which, in my opinion, are simply inaccurate are sometimes useful: these can give valuable insights into why some people or groups believe what they do.

In short, It is my opinion that some of the resources in this blogroll are neither accurate, nor unbiased. I do, however, believe that they are useful in understanding the War on Terror, the many versions of Islam, terrorism, and related topics.