Just how stupid do you have to be?? (Marine One security breach)

Pretty damned stupid, I guess, to have sensitive national security information on your computer and use a file-sharing program at the same time on the same computer!

Obama helicopter security breached

Now, if I were a conspiracy theorist, which I’m not (usually), I’d think it was a hell of a coincidence that just last week President Obama reacted to McCain’s disingenuous whining about an order of new Marine One helicopters (that were ordered and fucked up by Bush) that have dramatically jumped in cost from $6.1 billion to $11.2 billion, by saying that he’d look into the matter because the current Marine One fleet seemed just fine to him, and then within a matter of days, something comes up that would seem to be a dangerous security breach about the old fleet, perhaps prompting thoughts that well, maybe, you know, Obama better go ahead and get the new helicopters after all instead of canceling the order. Can’t be too cautious, right?

But, nah, that’s crazy loony talk! It’s just a coincidence. It would, however, be mighty interesting if that “embarrassed” employee soon started driving a fancy new car, and maybe going on expensive vacations.

I think you just answered your own question.

One man’s conspiracy is another man’s lateral thinking.*

Personally, though, I always assume Hanlon’s Razor applies. An inadvertent firewall breach is more likely than deliberate sabotage.

* Joke. I do not condone national security breaches, especially deliberate ones for the purposes of justifying expenditure, no matter who the President is.

Presumably, this means that there is a file-sharing program that shares, by default, the user’s entire drive or at least their “user” or “my documents” files. I’ve used a lot of different file-sharing programs, and I’ve never encountered one that does that. Usually, they have their own sub-directory and you have to explicitly configure what directories to share.

Doesn’t pass the smell test to me.

Some news program (on NBC, I believe) last night was talking about one couple and how their tax returns info was “shared” out and stolen by an identity thief via a file-sharing program. The couple claims that their kids installed it and they didn’t know what it was, they just thought the kids were listening to music.

I would suspect some trojan downloaded via the service (disguised as a movie file or something) rather than the program itself.

Oh, and Equipoise, it wasn’t national security info in question but I’ve seen some hardcore viruses and other bad stuff on research computers before. It wouldn’t surprise me at all if someone actually did get a downloaded Trojan onto that computer.

I’m not too sure if the smell test hasn’t been passed. I know a guy who had an identity theft problem that he traced back to a peer-to-peer application.

Then again, he was later arrested for embezzlement, so what do I know.

Supposedly some older P2P programs share the My Documents folder by default.

You tell that little pissant Ahmadinejad that for every VH-3D of ours he takes out, we’ll take out two of his.

I’ve seen people before, out of laziness or ignorance, just select the top tree (root) of their disk instead of managing where files come and go. Most people do not know the difference between user/admin/shared locations or care to know the difference.

You know…the same people whose desktops are littered with unused shortcuts and multiple leftover installer packages for iTunes and Acroreader?

Found this amusing. From the McCain Whining link:

Idiot reporter. We’re talking helicopters, not planes. Sheesh.

“But I have to find something else to call them, otherwise I’m being too repetitive.” How about calling them monkeys? That’s something else.

What I found much more intriguing about this article is that we apparently have companies who get paid to go rummaging around through machines in Tehran and can do it with enough accuracy that they can figure out where the files came from originally…

Sort of reads like a plot from 24 – “We’ve got the plans for the avionics package, so now we’ll take control of Marine-One and *rule the world!*”

Early P2P clients (Kazaa, Limewire) did indeed share the My Documents folder by default. Often, word processing programs have similar naming conventions for the auto save draft. In addition, most of those clients had a “search other documents by this user.” If one finds a juicy lead they literally have access to someone’s entire document library.

Honestly, I’m surprised there haven’t been more stories like this one.

This statement kind of suggests to me you’re ignorant. Characterizing a Senator’s concern over government spending as “disingenuous whining” is ludicrous, and also shows you’re completely misinformed on the situation at hand. I suppose in the race to condemn any comments made by the evil Republicans towards Obama you probably weren’t aware that McCain had been complaining about the cost of the new Marine One fleet since long before the election. So it’s obviously not a complaint that came up just because he doesn’t get to fly around in them.

Even more interesting, Obama himself had the same complaints during the campaign! And they are both in agreement that at present the new fleet is way too expensive. Moreover, a general concern over the cost overruns of the new Marine One fleet was used several times in the past few years to highlight some of the serious problems with DoD acquisitions processes–this wasn’t a random dig at Obama from McCain, and even Obama didn’t take it that way (because thankfully he actually appears to understand issues before opening his mouth about them unlike many of his supporters.)

Yup, some can also be configured to search your drives for shareable files – if you’re into filesharing e-books that might pick up some stuff you didn’t intend to share.

I remember at the dawn of file-sharing that you could search for passwords.txt and generally get real files where people stored their passwords so they wouldn’t forget.

You used to be able to do the same thing with numpties that had accidentally pushed their whole documents folder to the web. Not that I was doing anything bad, you understand, I was working for IT security at the time and I collected examples of stupid.

I don’t doubt that if you fired up a p2p program today and poked around you could find some stuff people didn’t intend to share. But be careful, a number of these things are honey-traps set by spammers and hackers (and probably some legit security people).

SD

Martin Hyde, thank you for that information. You’re right, I wasn’t aware that McCain (or Obama) had spoken up about the helicopters during the campaign. My apologies to McCain.

I know! I thought that was interesting too. Plus the fact that Wesley Clark is an adviser to that company. Why isn’t he in the Obama Administration anyway?

Oh my god! They now have the technology of the helicopter! And they know the price too!

I caught the end of that news clip and didn’t they say they found thousands and thousands of tax returns online?

The P2P programs are notorious for being virus breeding grounds.

You seem to be dismissing the threat. This is not a case of learning how to build a helicopter, and how much these cost. It is learning the security features - not just that they exist, but what they are, their specs, and potentially how to get around them. That’s why it is serious.

You’re worried someone will boost Marine One?

I know nothing about this stuff, but if they have the avionics information, couldn’t a bright and inventive electronics/computer guru possibly find some way to control the helicopter from the ground via remote control? I have nightmares about that sort of thing causing the helicopter to crash.