How did classified data on Marine One, the U.S. presidential helicopter fleet, wind up on a computer in Iran?
That’s the question that Department of Defense (DoD) officials and helicopter manufacturer Sikorsky Aircraft are scrambling to figure out after a file containing data on the helicopters surfaced on Iranian computers in a peer-to-peer file-sharing network, InternetNews.com has learned.
Sikorsky, a unit of United Technologies Corp. (NYSE: UTX), built the helicopters currently making up the Marine One presidential chopper fleet, which also transports the vice president and White House staff.
“We’re conducting an investigation,” Paul Jackson, the company’s communications director, told InternetNews.com. “We can’t comment on any part of this until we know what’s going on.”
White House spokespeople confirmed that the DoD is also looking into the matter.
The leaked data file includes sensitive avionics information, such as schematics about the chopper’s radar and missile warnings, and information about the telecommunications carriers the chopper uses to provide mobile communications for its occupants.
The incident highlights the danger of security breaches caused by P2P networks like BitTorrent and Gnutella, which consumers often use to illicitly share music and download movies.
“People don’t realize that other people on the network can … easily share all the contents of your hard drive, not just your music folder,” said Scott Harrer, brand director at Tiversa, a firm that monitors P2P file-sharing networks for commercial and government customers, and the company that first noticed the leaked file.
“We’ve seen hundreds of thousands of tax returns on the networks, and even military information on these networks,” he told InternetNews.com. “It’s a publicly available network and you’re choosing to share your files.”
Tiversa first detected the classified data in the wild last week and then alerted law enforcement agencies and the defense contractor from which the material originated, Harrer said.
He declined to name the contractor. However, Sikorsky’s Jackson confirmed that his company is the chief contractor on the current generation of Marine One helicopters.
[cob:Special_Report]Malcolm Wiley, public affairs officer with the U. S. Secret Service, told InternetNews.com that the agency is aware of the leak. However, he declined to say whether the Secret Service has launched an investigation of its own.
Spokespeople from the FBI and CIA did not return requests for comment by press time. The White House referred questions on the investigation to the Department of Defense.
Another shiner for the feds
The incident marks the second time Tiversa has spotted the Marine One data on a P2P network. The first time had been in the fall, after which Tiversa notified the defense contractor, Harrer said.
Then, last week, Tiversa spotted the file again and traced it to a user with an IP address in Teheran, Iran, he added.
“I don’t know if the contractor took internal steps to wipe that machine or shut down the disclosure source, but obviously it didn’t work,” Harrer said.
Sikorsky’s Jackson declined comment on whether or not this was the second time the file had been leaked.
Page 2: Securing federal cybersecurity
Page 2 of 2
The leak further highlights what security experts say are persistent problems in federal cybersecurity.
Most recently, the federal government last month disclosed two major data losses. At the Federal Aviation Administration (FAA), data thieves broke into a server and made off with information on 49,000 employees. Meanwhile, the Los Alamos National Laboratory in New Mexico is undergoing a security shakeup following the discovery that a total of 90 computers had gone missing or were stolen over the past year.
Concerns over national cybersecurity grew severe enough that an independent think tank in December published a report on the problem for the then-incoming Obama administration. This was followed by a set of recommendations issued last week by security experts from both the public and private sectors.
Still, the government is showing some signs that it’s working to combat the problem. President Obama’s proposed budget, presented last week, sets aside $355 million for cyber security, in a move hailed by industry observers.
Yet Harrer said the government still has a long way to go.
For one thing, the unauthorized sharing of the Marine One file is just one of many high-level security leaks Tiversa sees almost daily, he said.
“Here’s the crazy thing — there are even more severe disclosures than this out there, and we see these daily,” he said. “Sensitive military information, enterprise information and personal information is all being shared without authorization.”
Military information on P2P networks includes information about troop deployments, Harrer said. Tiversa said it’s approached the armed forces about this issue, but Harrer said the problem remains.
“Some units have done something about it, some have not,” he said.
Harrer added that the Iranian user with the Marine One data also has several other files containing sensitive information on his computer, although he declined to go into more detail about the files or the user.