RealTime IT News

Stolen Fighter Plane Plans Still on P2P Network

WASHINGTON -- A House panel heard testimony today about the ongoing vulnerability of peer-to-peer networks, including the alarming contention that data about the Pentagon's most expensive weapons program is still vulnerable.

Two weeks ago, The Wall Street Journal splashed a story on its front page detailing how intruders were able to access design data about the $300 billion Joint Strike Fighter Project.

"What wasn't reported in the Wall Street Journal? This was peer-to-peer," Tiversa CEO Robert Boback told members of the House Subcommittee on Commerce, Trade and Consumer Protection on Tuesday afternoon. "The information, unfortunately, is still on the peer-to-peer [network]," said Boback, whose security firm specializes in analyzing traffic on file-sharing networks.

"This was discovered in January, 2005 -- we discovered it. We reported it to the DoD," he said. "It's still out there. It's never been remediated. Awareness is not where it needs to be. Oversight is not where it needs to be."

Today's hearing focused on a pair of bills related to data security, including one that would tighten the screws on peer-to-peer networks. The Informed P2P User Act would require file-sharing companies to shore up their policies to guard against users' sensitive files inadvertently leaking out across peer-to-peer networks.

Security concerns associated with peer-to-peer networks were elevated earlier this year when Tiversa discovered engineering and communications information about the president's helicopter on a server in Iran, obtained through a peer-to-peer network.

There have also been several reported instances where consumers' sensitive files, such as tax returns and medical records, have been inadvertently shared over peer-to-peer networks.

The P2P bill was introduced within a week of the helicopter breach.

It seeks to clarify for consumers which files on their computers will be accessible once they connect to a peer-to-peer network, and to obtain meaningful consent before files are shared, areas where critics charge peer-to-peer networks have been too lax.

"We've got truth in lending. We've got truth in labeling. I think it's about time we had truth in networking," said John Barrow, a Georgia Democrat and co-sponsor of the bill.

But while the witnesses generally agreed that peer-to-peer networks could use a security tune-up to prevent inadvertent sharing, some warned that the bill overreaches.
