Sitting here in the San Jose airport reviewing comments from yesterday’ s workshop – one the of the security issues we covered included leakage through P2P networks, a topic I’ve mentioned before on this blog. Here’s the proof; Obama’s helicopter – Marine One: here’s what was out there in plain sight:
“In addition to the blueprints and avionics package information, the breached data included costs for building and maintaining the helicopter used by the White House to ferry the president to Andrews Air Force Base, Camp David in the Maryland Mountains and other locations around Washington, D.C.” – reported by Channel Insider, and online tech bulletin.
How does this happen? Referring back to my previous post on P2P Peril – this is common. This data was likely on a system that was either used by family members or the employee was using this system for personal activities including music and video file sharing on a P2P network. Once connected to this public forum, hackers set up information aggregators that search for sensitive information including government and financial data. That data is then copied to a central aggregation server that can be accessed by those who know of its existence. This was discovered by using a third party service that sets up its own search engines, looking for confidential data, in an effort to notify the owner (a paid service government and large corporations subscribe to). What happens from here? The data is out there – whatever it is. It can’t be erased or recovered. The employ may be terminated or sent to “special projects”, meanwhile other users will be cautioned not to let this happen again. Chances are the user of this system had no idea this was happening, and neither will his colleagues, until it happens to them. The real problem belongs to the asset owners and national security – i.e. our personal safety.