Are P2P networks leaking military secrets?

A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella.

The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of Marines.

The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be. CNET News.com could not independently verify the authenticity of the documents posted on the site.

"I want everyone to know that we can be our own worst enemies when we don't understand the full power of our technology," Wallace wrote in a posting explaining the site. "I want every military and government agency to see firsthand what is being shared with anyone who has a computer. Since a picture is worth a thousand words, I can save myself some talking."

Among the items appearing on the site were documents from a transportation unit at Fort Eustis in Virginia. A Fort Eustis spokesperson contacted could not immediately comment.

The issue of unmonitored file sharing has been a problem since the release of Gnutella, which allowed people to share the entire contents of their hard drives, rather than just MP3 files, as had been the case with Napster.

Network watchers quickly noted that some people appeared to be sharing much more than they realized, including personal information and Web "cookie" files that sometimes included passwords for credit cards and e-commerce accounts.

Critics of file-sharing companies, including the Recording Industry Association of America, have often pointed to this accidental sharing of personal information as a rationale for tighter regulation of the networks.

Wallace told CNET News.com that he first downloaded a zipped file of classified documents a few months ago on Gnutella, with stamped security clearances ranging from "For Official Use Only" to "Secret/NO FORN." (NOFORN typically stands for "not for release to foreign nationals" in military parlance.) The documents contained real-time information about operations in Iraq, "stuff that could kill people," he said.

In an interview from Germany, where he lives with his wife, a U.S. Army officer, Wallace said he had contacted local military intelligence about the issue. They forwarded the information to a higher level, but there was little further response until he contacted the office of Sen. Conrad Burns, who represents Wallace's home state of Montana, Wallace said.

Burns' office confirmed that the conversation had taken place.

"We did send a letter to the secretary of the Army," Burns spokesman J.P. Donovan said. "We are monitoring this as it goes along."

Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella. But many other potentially sensitive files remain on the sharing network, ranging from confidential military documents to internal information on public safety authorities procedures, Wallace said.

"If you're a terrorist, imagine the damage you could do with that," Wallace said. "I don't really care if people share their love letters online. The only things I care about are when people share information that could hurt people."

Wallace said he now calls agencies once before posting information on his blog but sees the site as a way to spotlight a problem that could cost lives in the future. He said he blacks out information that could be classified before posting a file.

Mr. Wallace has a point

As someone who has knowledge of this situation having been, until recently, responsible for cyber investigations in Germany for the U.S. Army, I'd like to make a couple of observations. First of all, P2P software is banned from all U.S. Army computer networks for the very reason this web site exists. This ban is/was fully enforced by the Army I.S.P. as computer security is taken very seriously there. That being said, U.S. based Army network security is far more fragmented and harder to enforce due to its geographic spread. Secondly, with respect to the Iraqi photographs, soldiers are allowed to bring cameras with them into combat zones. Many of these cameras will be digital. Soldier morale is enhanced by Internet access, ergo; images of what these soldiers are going through are going to be sent back to the "home front". It is entirely possible that the images "from Iraq" are actually being shared from computers in the United States as P2P works anywhere in the world. I'm not attempting to excuse anybody's behavior here, just trying to put it in a little perspective. Finally, as with any news story, you generally only hear half the story. I think Mr. Wallace has done a service for all of us in highlighting this particular issue, but when is the axe finally ground enough? plf5403@spymac.com

Secrets leaked on P2P, and?

No disrespect to what the author of the website is trying to highlight about P2P networks, but the internet as a whole can be used for the same purposes. The information could easily have been uploaded to a hijacked ftp server or even openly posted on a website. It seems to be that P2P is taking more than it's fair share of critisism; if people wish to leak information, there are many means other than P2P. As for people making themselves vulnerable by sharing things that they shouldn't, well such things will/would happen without P2P. Look at the number of phishing scams that happen, and people fall for them.

Give P2P a break, it can be a useful technology, but like any other it can be abused, however it seems to be the only one getting the attention for it's misuse. If people would care to look for the amount of misuse of ftp servers etc, then maybe they'd realise that P2P isn't as bad, or is only as bad as other technologies.