P2P Network Leaks: The VH-60N Helicopter
P2P Intelligence firm Tiversa claims that in Oct/Nov 2008, it traced a file that contains details regarding the VH-60N Presidential Helicopter’s CAAS avionics architecture, and some program financial data, on public-access peer-to-peer (P2P) file-sharing networks. On Feb 25/09, the file was found on the IP address of an Iranian computer.
Subsequent reports indicate that the employee in question was a high-level executive, but the breach took place outside the company’s offices. This means the data may have been on a home computer when it was leaked. The information was shared over a P2P network called Gnutella, which is actually an open source standard used by a number of file sharing programs. Retired Gen. Wesley Clark, an adviser to Tiversa, offered this quote to several media outlets:
“We found where this information came from. We know exactly what computer it came from. I’m sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.”
Bob Boback, Tiversa CEO, said to NBC affiliate WPXI in Pittsburgh that:
“When downloading one of these file-sharing programs, you are effectively allowing others around the world to access your hard drive.”
This is true unless the program’s settings are adjusted to restrict sharing to certain locations only, and even then the specific software used may have inherent security vulnerabilities. These programs also present a potentially exploitable foothold: separate malware can target the computer’s P2P client software and introduce vulnerabilities of its own.
Peer-to-Peer (P2P) file-sharing programs are in use within a number of organizations that deal in highly classified data. The problem is that unless centralized configuration and management of all of those programs is in place, and the programs are customized to be usable only with authenticated peers or within a completely walled-off private network, the probability of a security breach grows rapidly. As new computers hosting P2P programs are added by members of the organization, the odds of a misconfigured computer, or of use outside safe networks, approach 100% without these kinds of layered safeguards.
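The misconfiguration the preceding paragraphs describe is an over-broad shared-folder list. The following is an added example, not code from the article or from any P2P client: a small audit that checks a client’s configured share directories against locations an organization never wants exported. The share list, the sensitive paths and the flat list-of-paths format are all constructed assumptions; real clients store their share configuration differently.

```python
# Added example (not from the original article): audit a P2P client's
# shared-folder list against directories that must never be exported.
# Paths and the list format are constructed for illustration only.
from pathlib import PurePosixPath

# Constructed list of directories an organization never wants exported.
SENSITIVE_DIRS = [
    "/home/alice/Documents",
    "/home/alice/.ssh",
    "/mnt/programs/vh60n",
]


def _contains(parent: PurePosixPath, child: PurePosixPath) -> bool:
    """True when child is parent itself or lies anywhere beneath it."""
    return parent == child or parent in child.parents


def audit_shares(shared_dirs, sensitive_dirs=SENSITIVE_DIRS):
    """Return (shared_dir, sensitive_dir, reason) findings.

    A share is flagged when it exports a sensitive directory (the share is
    that directory or one of its ancestors) or when the share itself sits
    inside a sensitive directory (its files would still be exported).
    """
    findings = []
    for raw_share in shared_dirs:
        share = PurePosixPath(raw_share)
        for raw_sens in sensitive_dirs:
            sens = PurePosixPath(raw_sens)
            if _contains(share, sens):
                findings.append((raw_share, raw_sens, "share exports sensitive directory"))
            elif _contains(sens, share):
                findings.append((raw_share, raw_sens, "share lies inside sensitive directory"))
    return findings


# Constructed example: one over-broad share (the whole home directory),
# one share nested inside a sensitive folder, and one harmless share.
EXAMPLE_SHARES = ["/home/alice", "/home/alice/Documents/music", "/srv/public-music"]

if __name__ == "__main__":
    for share, sens, why in audit_shares(EXAMPLE_SHARES):
        print(f"{share}: {why} ({sens})")
```

Run against a real share list, an empty result is the only acceptable outcome; a centralized configuration tool can run the same check before it pushes a client configuration out.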
CAAS is a basic cockpit architecture in US SOCOM’s helicopters, and it has also migrated to upgraded Army models like the CH-47F Chinook and UH-60M Black Hawk. It is not an intensely secret specification and equipment set, but neither is it public open source. Tiversa reported the breach to the Bethesda, MD contractor as soon as it was found, and the incident was immediately reported to the government.
This is not the first incident of this sort, however, and some P2P breaches have been more serious.
In July 2007, Gen. Clark testified to the US House Committee on Oversight and Government Reform that Tiversa had found a myriad of serious P2P leaks. These leaks extended across all government departments. In the military sphere, they included the Pentagon’s entire backbone network infrastructure diagram, complete with IP addresses and password change scripts; contractor data on radio frequency manipulation to beat remotely-triggered IED land mines in Iraq; physical terrorism threat assessments for 3 major U.S. cities; and information on 5 separate U.S. Department of Defense information security system audits.
See also: NBC affiliate WPXI Pittsburgh’s report | cnet Q&A with Bob Boback | Ars Technica report | cnet report | Computerworld | Fox News | MSNBC | Reuters | Computerworld on July 2007 testimony.