Unsafe file-sharing, Iran gets Marine One plans

According to WPXI, a Pennsylvania company has uncovered a security breach involving the President's Marine One helicopters, a P2P file-sharing program, and an IP address in Tehran, the capital of Iran.

Although President Obama and other high-ranking American government officials have access to a fleet of high-tech and security-enhanced helicopters, the term "Marine One" is used to refer specifically to the helicopter in which the President currently is flying. The technical specifications for all of the helicopters in the fleet are highly classified, and any security breach, particularly to a hostile foreign power, is naturally of great concern.

The fact that it is happening through simple file-sharing programs, which most people seem to think are just for the "harmless" sharing of music and video files, is even more alarming.

Bob Boback, CEO of Tiversa, the company who discovered the breach, explains, "We found a file containing entire blueprints and avionics package for Marine One, which is the president's helicopter[, at an IP address in Tehran]. What appears to be a defense contractor in Bethesda, MD [Maryland] had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One."

But Iran is not alone in using file-sharing programs as a backdoor into otherwise secure government and business networks. Boback continues, "We've noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence."

Report a problem with article
Previous Story

AMD to ship 32nm chips in 2010

Next Story

Editorial: Advertising...how far is too far?

56 Comments

Commenting is disabled on this article.

Lolwut? You know delete people's comments on neowin? I didn't swear or in anyway offend anyone. Thanks for letting me know that I have no right to argue against neowins staff.

It doesn't matter if it was human error, it doesn't matter if it was a defense contractor, the key point is that data that should have remained private was accessed by someone who shouldn't have that data. The system failed. This is one of the risks associated with outsourcing to non-governmental agencies with sensitive government data. You are trusting employees that you have no direct control over.

True. There are many "levels" of security in the American government (and probably in other governments). Individuals are rated and given "security clearance" based on the "level" scheme, whether they work for the CIA, NSA, or any other government body.

Companies who work for the US government also receive clearance to access certain classified data. Most of the time, these companies and their employees work well within the system. Here, clearly, someone has been a bit more than lax, allowing the Iranians to breach the security net cast by the American government by installing a file-sharing program and setting the "share" component too broadly.

So Gary Mckinnon is going to be extradited to the U.S.A. to do 60 years Hard Labor, because he found a hole in security and yet an employee using a file sharing app and creates a hole in the security of the system the size of a black hole, make no sense why the employee isn't found and given a long stretch.

Excellent. I just found this site today, and it seems to have some good information on it, so I'm glad to see that you went ahead and changed the title/headline, and was good natured about it...

Welcome to Neowin! I have to admit I didn't see any problems with the original, and it took me a while to get my head around the objections (there was no intention to mislead), but we do try.

@CCheney -

Welcome We are always thankful for members' suggestions about articles, if they have a problem with them, however, the only way to get us to see these problems is to use the 'Report a Problem' feature

To add to Sam Symons' comment -

The title has been changed after much debate from our members. Comments about the title of the article have been deleted in order to prevent confusion to other members who read this article.

Please, in future, use the 'Report a Problem' feature to discuss problems/issues with our articles and not the comments section.

Thank you,
CalumJR
Neowin News Comment Moderator

""We've noticed it out of Pakistan, Yemen, Qatar, and China. They are actively searching for information that is disclosed in this fashion because it is a great source of intelligence." " The USA dosent do this then............................................

nah, they don't need to use simple p2p apps and hope some guy has some good data on his PC. They'll go in through hidden backdoors or just snatch it over the lines.

so... how are they saying only iran, pakistan ... china are the only country that accessed the information? i'm no p2p expert, but can't one fake their location using proxies? how about hacking into a workstation in one of those countries and use that to grab information so the taceback points to the hacked computer?

[< snipped > - CalumJR] - [The title has now been changed]

America is so paranoid about security but yet something like this happens? Come on. What happened to the Dept. of Homeland Security? I'll bet people like Glenn Beck are just aching to share their opinions about this. Now, if the RIAA files suit against this contractor, that will make my day.

We don't have complete details here, we are all assuming that a contracted employee installed the P2P software. What if an Iranian operative installed the program covertly and set it to share the data? What P2P? FTP? VPN? There is more to this story I feel as a government contractor should be under the same scrutiny as far as PC security goes. Especially in this case.

ford.red said,
I can't help but laugh at this guys name:

What were his parents thinking?


It's an Iranian name

Pronounced "Bah-back"

Sounds pretty true to life. "Know it all" computer yokels who think they're more tech savvy than their system administrators do stuff like this all the time. We had a porn jerk do this in one of the state's tax offices a while back and ended up liberating about 3000 taxpayer's identities because he thought the security was too strict, managed to proxy out some sort of file share so he could support his habit and the rest was history. In a closing of the barn door after the horses were out move, everyone in that department lost administriative access to their computer systems, especially if they were the type who demanded that they needed it. Most of the crap software that needs power user or administrative access thankfully is disappearing as software developers start realizing that security breaches due to their software demanding excessive rights is really bad PR.

Looking at the Article, this was found on a contractors computer, not a government computer. There's a big difference. I know contractors do connect to military networks and such, but those are highly secured terminals (for the most part, especially if the terminal handles classified information), at least what was shown to me personally. This person will def. be fired, if they already haven't been and the IT department will also be investigated on why this wasn't detected or blocked by their systems. I know talking to quite a few defense contractors that work in the IT field have told me today that something like this would be a nightmare since there would be internal investigations by the said company and the Department of Defense along with the FBI for possible criminal behavior.

The government should use something like the Arpanet, for at least important files that need to be shared. There really isn't a need to have this type of data on the internet.

So according to this article, if I give VPN access to my computer to some guy I can later accuse him of hacking my computer when he tries to access my information?

Just a though here, but would you say pirating music/software/movies/etc doesn't make a person a pirate. I mean this information is also freely available in P2P networks. Just throwing it out there...

alright, this is not the fault of P2P, its the fault of some individual who has no sense or knowledge of how to be secure, information like that does not belong anywhere near the internet, even if P2P didn't exist, viruses and exploits do

No but all the on board defense systems, communication systems and what other things it may have are meant to be a secret thus the problem at hand with the info being leaked.

jesus blueprints are highly sensitive damn what does this mean if someone could manage to bring an RPG into the US they may actually know a sweet spot on it.. how pathetic.

It's a piece of crap SH-3 not exactly a classified aircraft from area 51 <_<

Actually, the security issue in question would be in regards to the counter-measures installed and enabled on Marine One class helicopters. THAT's the security issue.

excalpius said,
Actually, the security issue in question would be in regards to the counter-measures installed and enabled on Marine One class helicopters. THAT's the security issue.

uh no ? it's a helicopter it has chaff and flares for counter measures ... they fly multiple identical aircraft in formation and yeah what else would there be ? a teleport gun ?

@Digix,

If you don't known anything about national security or state-of-the-art technology, you might want to refrain from challenging those of us who do.

splur said,
Totally an excuse to monitor and block P2P traffic.

I'm not sure if this story is an attempt to capitalize on a sensationalist title like "threat to Obama" or whether it was something planted by the RIAA.

I think it's bs. I don't think they would be even close enough to stupid to put top secret information on a computer connected to the internet.

They are hiding something.

.-Corey-. said,
I think it's bs. I don't think they would be even close enough to stupid to put top secret information on a computer connected to the internet.

They are hiding something.


Knowing how incompetent government employees can be, i t wouldn't surprise me at all.

True.

They should only be available to the gov'ts own 'intranet'.

Someone f'd up and installed P2P crap on a gov't computer, now the info is out there.

Someone f'd up and installed P2P crap on a gov't computer, now the info is out there.

No it was a defense contractor in Bethesda, MD. That's not the same as a government computer. I have worked in the governments IT system, you can trust that it is secure. One thing I can say about the federal government: They do IT right! Unfortunately, it might be the only thing they do right.

Aren't defense contractors supposed to be controlled and certified by the Pentagon levels of security like C2? or sometimes even higher level?

They aren't physically connected. What this contractor did in MD is do something really wrong and stupid. He had the sensitive data on an unauthorized system. Use of p2p applications and networks is strictly prohibited. I assure you that the US Gov has so many rules in place to prevent this. It only take one really idiot to put national security at risk. I hope that this Contractor is removed from his position immediately.

No more gov jobs for that company now. Nice going there. The gov doesn't take this sorta stuff lightly, looks like they're going to lose any gov jobs they've got or would've had now.

Though who knows if they're even up-to-date specs? They could be old maybe? It's not like they don't send out fake info/intel as well.