[real-eyes] Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks

  • From: "Steve" <kcpadfoot@xxxxxxxxx>
  • To: <real-eyes@xxxxxxxxxxxxx>
  • Date: Wed, 29 Jul 2009 18:59:00 -0500

The following is from:
http://blog.washingtonpost.com/securityfix/

Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks

The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking: a highly sensitive document dated July 2009, listing the precise location of installations bearing weapons-grade nuclear fuel in the United States; FBI surveillance photos of an alleged mafia hit man leaked while he was still on trial, along with the government's witness list, some of whom are in the government's witness protection program; a U.S. Secret Service document on the location and layout of an emergency safe house for former First Lady Laura Bush.
The revelations came at a House Government Oversight & Government Reform Committee hearing on the problem of inadvertent sharing of files via P2P software.
Robert Boback, chief executive of Tiversa Inc., a company that scours these music- and file-sharing networks for sensitive data, told the committee his researchers also found the Social Security numbers and family information for every master sergeant in the U.S. Army, as well as the medical records of some 24,000 patients of a Texas hospital.
Boback said the list of nuclear sites was found not on computers of P2P users in the United States, but at four locations in France.
"Every nuclear facility, every agency," Boback said. "This is information that is not even subject to government Freedom of Information Act [request], however, you can access it on peer-to-peer, in plain text."
P2P software such as "LimeWire" and "Bearshare" link computers directly, allowing users to swap digital movies, music and files with other users without the need of a central Web site to manage the exchange. What users may not be aware of is that the software that facilitates file sharing may be configured to allow access to a portion, if not all, of a user's documents.
The disclosures are just the latest examples of egregious data breaches made possible by inadvertent file-sharing over P2P. Last summer, The Washington Post found that an employee of a McLean investment firm accidentally shared the Social Security numbers and birthdays of some 2,000 lawyers in the Washington area, including Supreme Court Justice Stephen G. Breyer. In March 2009, blueprints for Marine One, the president's official helicopter, were found on the computer of a P2P user in Iran.
Mark Gorton, chairman of LimeWire parent The Lime Group, told the committee that the latest version of his company's software makes it extremely difficult for users to accidentally share sensitive documents on their PCs.
Gorton said efforts to regulate the P2P software industry would be difficult, as LimeWire was but one of dozens of such software providers.
"We are doing our best to set a standard that we hope other file-sharing companies can follow," Gorton said. "Most creators of P2P applications are not based in the United States, and may not even be corporations."
But Committee Chairman Edolphus Towns (D-N.Y.) was not convinced, saying he planned to introduce a bill to ban this peer-to-peer software from all government and contractor computers and networks.
"I plan to meet with the new Chairman of the Federal Trade Commission to request that the FTC investigate whether inadequate safeguards on file sharing software such as LimeWire constitute an unfair trade practice," Towns said. "The Administration should initiate a national campaign to educate consumers about the dangers involved with file sharing software. The FCC needs to look at this, too. The file-sharing software industry has shown it is unwilling or unable to ensure user safety. It's time to put a referee on the field."
Rep. Darrell Issa (Calif.), the panel's ranking Republican, was more concerned about the broad availability of pirated, commercial software on P2P networks. Waving a CD-ROM filled with dozens of examples of tax returns downloaded from P2P networks, Issa addressed Mark Gorton, chairman of LimeWire parent The Lime Group. Issa said he was concerned about hundreds of millions of dollars of software stolen each year through P2P.
"I will tell you this disk represents to me a referral to the California attorney general if we cannot be satisfied," Issa said. "If you condone and allow and induce this to happen, you are guilty of cooperating and participating in every criminal act that flows from that activity."
By Brian Krebs | July 29, 2009; 12:20 PM ET

