Comments on: Data about Obama's helicopter breached via P2P?

Security company Tiversa says Iran has obtained engineering and communications information about Marine One, likely via a compromised file swap on a peer-to-peer service.

[ddhboy]

I hope someone told the Obamas to turn of Limewire while their in the White House.

[Imalittleteapot]

Too late now. Now the RIAA is just going to have to sue Obama for $100,000 per song. Yup. That'll teach him.

[txlakeside]

DA ... a contractor had the p2p installed not OBAMA ... what a moron!

[ddhboy]

@xlakeside
I see that humor isn't your area of expertise.

[terminalblue]

seriously, if Obama is using Kazaa, then we are all ******







(its sarcasm, no one uses Kazaa)

[gerrrg]

Maybe the title should read, "Data regarding Obama's helicopter breached via P2P?"

For a moment I thought data onboard the helicopter itself was compromised.

[Michichael]

Yeah, misleading title. I thought the helicopter's computers were breached, not the schematics.

[cjalba]

yeah, i agree, title is misleading. I almost panicked.

[dennisl59]

This is just f-ing great! Good Job Federal Government. MORONS!!!

We need to know who this is:

"What appears to be a defense contractor in Bethesda, Md" (General Dynamics, SAIC...???)

Who and how many employees are being fired and arrested by the FBI and were they on a H1B visa.?

Citizens, this is Espionage!!!

FUBAR

[defense10x]

Well...Lockheed Martin...who is building the next presidential helicopter (which this issue is probably about) is headquartered in Betheda, Md. Their helo..VH-71 is under heavy scrutiny by the administration as well as the senate.

[inverse137]

First off, it says in the article that it was a contractor that had the compormised computer, not a government employee: "What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One."

Second, you obviously have some sort of white supremacist, hillbilly NRA agenda. Why don't you just come out and say it?

Third, reading is fundamental. Perhaps you should memorize that slogan.

[Editor's note: Personal attacks removed]

[Seaspray0]

@inverse137. Have you ever seen the white supremacist hillbilly NRA agenda? I'm not supposed to tell but... "1. Get beer. 2. Drink beer." Now what's so wrong with that? I think it's a great agenda. Where can I sign up?

[mikestatic1]

I'll bet the RIAA is going to sue Obama for sharing MP3's on Limewire...

[tehrani625]

So, our government is contracting to companies that use P2P software that is used to break copyright laws? That means that the recovery package will include free itunes gift cards right?

[shootthecops]

funny it takes place in iran too, hope the US govt has the sense not to fly him around in that thing after all the security details have been leaked.

[pbradleyii]

This is just an excuse for President Obama to go ahead and get the snazzy new billion dollar helicopters that are already being developed and built for the president after he said he didn't need any new helicopters.

"Well, I really don't want to spend the taxpayers money, but now with this data breach we have to get the new choppers..."

I don't blame him, I'd go for the new ones also.

[BigOldCar]

Um, no, I'm pretty sure it's the blueprints to the NEW helos that were leaked, seeing as the existing fleet of Marine One helicopters has been ferrying around POTUSes since Nixon.

[ecotopian--2008]

Somebody at that Defense Contractor outfit is going to be in Very Big Trouble.

[tketcher]

Yes, among other crimes he would likely be charged with is Treason and rightfully so.

[adamfisk]

As a p2p developer who wrote a good deal of the LimeWire code, I'm highly suspicious of this claim. For this to be true, the employee at the defense contractor would have to explicitly share the file containing blueprints for the helicopter, i.e. they would have explicitly wanted to make that information available. This would be less a "breach" than an intentional sharing of confidential data -- more like a spy than some infiltration.

What's more, how do they know it was breached via p2p and not via another attack on open ports on the computer? It's not trivial to determine that. Just blame ol' p2p is the easy answer, but likely not the correct one.

-Adam Fisk

[AdeBarkah]

Explicit sharing is not necessarily needed.

Unintended p2p breaches usually happen because someone in an organization installed a compromised p2p client, i.e., one containing a backdoor, trojan, keylogger and/or other malware. The compromised client then sends out confidential information along with other p2p traffic. Social engineering could be used to entice someone inside a targeted organization to install the compromised client.

I don't have first-hand info into this incident, but presumably Tiversa during their traffic analysis noticed that this particular file was actively being shared via some p2p protocol.

Looks like this particular organization needs to implement an effective data-leak prevention program.

[japrovo88]

I would agree with AdeBarkak, I work computer support for my university, I get to remove the mail \ware crap daily, one thing I noticed when all the students came back from winter break was that almost all mailware cases had a compromised p2p clients with some really nasty back doors. Since P2P is blocked on campus this problem only occurs after breaks I am not looking forward to coming back from spring break.

[adamfisk]

@AdeBarkah What you're talking about has nothing to do with p2p or not-p2p. You're saying "software can get infected with backdoors, trojan, keylogger and/or other malware." As in, the browser you typed that on is just as vulnerable as any p2p program, just as vulnerable as Microsoft Word, Skype, AIM, etc etc etc. Come on -- as someone who clearly has an understanding of this stuff, you have a responsibility to make that kind of thing clear. There are so many ports listening on Windows, p2p is hardly the primary target of this type of thing. What's more, he's not even saying it was a compromised p2p client -- he's just saying a plain old vanilla one was friggin' installed.

They noticed it being shared on a p2p network, *but that doesn't mean it was the cause of the breach*. For all we know, or Tiversa knows for that matter, it was flying around in e-mail all over the world before ever winding up on a p2p network. That's just where they happened to find it (again, in Iran, shocker of shockers).

[Anti-Obama]

How much do you want to bet that it was no f'ing "breach" of security? More like that maybe some individual's personal Blackberry that only a select few are able to comm with may have been involved, hmm? There just so happens to be someone who is a passenger on that chopper that does not have the best interest of the USA on a regular basis. In fact his citizenship is becoming a growing question and concern among a growing portion of the population right now! I won't tell you his name but his intials are Barak Obama/Soetero who just so happens to be a fan of Ahmadinnerjock. There is way too much monkey business going on in DC these days, how much is actually being observed?

[cidman2001]

Step away from the tin foil....you obviously don't need a new hat...

[Dylan_Wisor]

You're behind the times. People stopped calling his citizenship into question months ago.

Also "Barak Obama/Soetero" are not initials.

[chicagonettech]

Whether or not an actual breach of security took place, if an actual file was found on a computer outside of the contractor's facility, this situation needs to be investigated.

There have been too many unaccounted laptops and hard drives in recent years. There have been too many actual instances of data leaking out of facilities for this to be ignored.

In the interim, all computers on the contractor's network need to be disconnected from the world - shutdown if necessary. While many will consider this a radical step, there is nothing too radical when it comes to absolute computer security in a defense contractor or high-level government environment.

We're not talking about someone?s rights to load software on a computer here. We're not talking about someone's right to share files with friends. Those rights end when you go to work for defense contractor. You authorize inordinate supervision and surveillance of yourself, your family and your friends as soon as you accept such a job - willingly.

Carelessness and sloppiness - "we can bend the rules just this one time" - is unacceptable when it comes to national security.

A complete audit of the contractor's facility, done by someone like the FBI, now needs to be made.

They need to investigate who has access to what computers, what knowledge, how the internal data flow take place, how social engineering security is handled, etc. Defense contractors need to be "squeaky clean" before they are allowed to continue once a date breach has even been alleged.

[gggg sssss]

microsoft digital rights managemnet is the answer here of course. Go M$

[Seaspray0]

@gggg sssss. It's the data that contains DRM, not the operating system. You've been told this before so quit acting ignorant. As for DRM, it's an industry standard based on computer certificates. If you want to compain about that, you'll be taking on verisign, thawte, go daddy, and every website that offers a secure SSL connection.

[nowaygop]

wow, it must be tough to live your life completely paranoid Anti-Obama....or maybe your just carrying forward to the distrust created by our last dumb ass republican leader

[chicagonettech]

On the contrary - I voted for Obama - he's was my Congressperson prior to being elected to President.

I just believe in being paranoid about all kinds of security - especially computer security - where I have worked for the last 25 years without incident. There are certain jobs where you give up some of your ability to interact on the same social level you might have been accustomed to acting prior to accepting those jobs. Working for a defense contractor is one of them. Just like working for the FBI, an one of the several other intelligence communities, or being a member of the military is another.

I fully support both Obama and his desire to be open and transparent about what goes on in government. His use of the Internet to communicative with the American people is unprecedented and will ultimately be of great benefit.

When it comes to the security of contractors who are working on projects for the military, however, there is no place whatsoever for compromise. If the plans for Marine One were actually compromised then the situation borders on treason and should be treated accordingly.

[ralfthedog]

I think he was talking about the comment by the paranoid wackjob named Anti-Obama. Your comment was perfectly reasonable.

[ferretboy88]

The guy who did this should be killed.

[dennisl59]

I will bet ONE(1) TRILLION DOLLARS, of the Government's Money, the person that did this is on a H1B Visa.

OR

They hold the DOD Top Secret/SCI Polygraph;Lifestyle Clearance or above.

Either way...They will not be prosecuted to the fullest extent of the law: Life in Prison without Parole in SuperMax.

Anyone care to wager?

[Dylan_Wisor]

Oooh, ahhhh. Someone's been reading Tom Clancy novels.

[blablainFargo]

And I bet TWO (2) TRILLION DOLLARS, that the person is not on an H1B visa. Typically this kinds of jobs require some security clearing and require citizenship. You can even get a job at the USDA working with plants without citizenship. Besides, you don't have to be a foreign to become a spy o have interest in damaging the USA, remember Julius and Ethel Rosemberg or Aldrich Ames. I suspect you and others trying to blame this on foreign workers are a little bit over-paranoid and xenophobic.

[skyscraperjim]

Loose lips sink ships.

[451422]

Here we go. First the nim-rod claims during his campaign he'd give four days notice before signing the recovery plan. Right, he went on vacation and the recovery.gov site didn't go up until a day before. Then he insists on keeping his BlackBerry (that will get breached next). Now he's a dingleberry with this stunt. God help us all.

[JimJonesBlog]

If I didn't know better, I would think you voted for McCain. lol

You do realize that this breach was due to an employee working for a private defense contractor? That it has nothing to do with Obama or the White House?

You do realize that a breach of this nature will make Marine One vulnerable to attack and therefore Obama's life is in danger should he use this air craft in the future?

Btw - He indicated weeks before Congress passed the recovery bill that he planned to sign it on President's Day. The bill was passed on a Friday and he signed it on the following Tuesday... Fri, Sat, Sun, Mon, Tues... How many days was that? He said for several weeks that as soon as the bill is signed, Recovery.gov would go live. The site went live about an hour before he signed the bill. And in this day in age, wouldn't you rather have a president that uses modern technology like a Blackberry rather than sitting around a desk and handwriting letters?

God, please help 451422.

[ralfthedog]

The Blackberry is not for official use. It is so he can send text messages to his kids, wife, and friends. If he needs to communicate in an official matter, one of his Secret Service agents hands him a different device.

[podpalacz]

what is so secret about it? you don't need any plans to KNOW that this halo is equipped with best missile countermeasures available ,extra fuel ,most likely armored etc.

now how possibly can you use it against this chopper?
much more viable data is flight plans and patterns - you could potentially use it to set an ambush or something but as soon as breach is discovered everything is changed .
you have question -is this being used to warn Iran that WE CAN FIND A REASON?(just like previous administration did on Iraq)
When I hear news like this I think it means smoke curtain for something bigger.

[ralfthedog]

Where is the armor thin? Where are the fuel lines? What ECM does it use for radar guided missiles? (How can you use this to guide a missile in?) Where are the antennas used for ECM? ...

[Seaspray0]

@ralfthedog. I don't know. Maybe you should ask that guy in Iran who has that IP address.

[kurtjr]

I love how everyone is blaming Obama. Idiots.

[SeizeCTRL]

After 8 years of everyone blaming Bush, it's kind of refreshing having someone new to blame ;)

I kid I kid! Seriously though, I know what you mean... it has nothing to do with Obama. It was a defense contractor and these choppers were already on order from the Bush administration.

[Cessna707]

Perhaps we can thank who for this failure? Where are the Chuck Norris's in our government to kick some butt and get everyone on the same page. So what do we do now? More wasted money.

[sirpig]

espionage is a "daily" reality. Evidently stolen data is not the first time this has happened nor will it be the last. Everyone "takes/steels" information, the Russians from Chinese, the Chinese from Americans and the Americans from the Russians. "This has become an ongoing norm". And just because you heard about it and want to jump up and down and see someone take a fall. Maybe out a CIA agent?