Security Government United States News Technology

P2P Network Exposes Obama's Safehouse Location

Lucas123 writes "The location of the safe house used in times of emergency for the First Family was leaked on a LimeWire file-sharing network recently, a fact revealed today to members of the House Oversight and Government Reform Committee. Along with the safe house location, the LimeWire networks also disclosed presidential motorcade routes, as well as a sensitive but unclassified document that listed details on every nuclear facility in the country. Now lawmakers are considering a bill to ban P2P use on government and contractor networks."
This discussion has been archived. No new comments can be posted.

  • And? (Score:5, Informative)

    by Vinegar Joe ( 998110 ) on Wednesday July 29, 2009 @04:29PM (#28872807)

    Biden has already told the press the secret location of the VP's emergency bunker.

    http://blog.newsweek.com/blogs/thegaggle/archive/2009/05/15/shining-light-on-cheney-s-hideaway.aspx [newsweek.com]

  • Re:And? (Score:3, Informative)

    by Lazlo Woodbine ( 54822 ) on Wednesday July 29, 2009 @04:49PM (#28873219)
    Years [bbc.co.uk] after BBC broadcast it to the world.
  • Re:ban the man (Score:5, Informative)

    by NotBornYesterday ( 1093817 ) * on Wednesday July 29, 2009 @04:56PM (#28873349) Journal
    You say this as a joke, but that's what members of congress are actually talking about. FTFA:

    Towns [House Oversight and Government Reform Committee chairman Rep. Edolphus Towns, (D-N.Y.)] said that the file-sharing industry's promises to self-regulate itself had clearly failed. "Specific examples of recent LimeWire leaks range from appalling to shocking," Towns said. "As far as I am concerned, the days of self-regulation should be over for the file-sharing industry."

    Saying "the days of self-regulation should be over" is congresscritterspeak for "we're about to regulate another industry", which in this case would be a) bad, b) useless, and c) undeserved. Bad because it would stymie technical development in the US, and useless because said development would then simply take place elsewhere in the world. Undeserved, because Limewire did not attempt to spread US government secrets. Their software was simply the mechanism by which some idiot (presumably a government-employed idiot, but that would be redundant) knowingly or unknowingly loosed this material into the wild.

    Other members want the issue investigated by the Federal Trade Commission, the Securities and Exchange Commission and law enforcement authorities. They said that the continued failure by companies such as LimeWire to take more proactive steps to stop inadvertent file-sharing is tantamount to enabling illegal activity resulting from the data leaks.

    And how do they propose that Limewire prevent sharers from sharing government secrets? By sending someone to each Limewire installation to make sure the luser configured it correctly? To the power-grabbing, megalomaniacal nanny state committee-rats in congress, here's an idea: clean your own house first. Clamp down on those with the poor judgment to run p2p sharing apps on systems that have sensitive data. Is there a rule against it? No? Make one. Yes? Enforce it. Hell, ban p2p on all govt systems, sensitive or not, and enforce it like the matter of national security it is.

  • Two points... (Score:3, Informative)

    by rickb928 ( 945187 ) on Wednesday July 29, 2009 @05:05PM (#28873519) Homepage Journal

    1. I was blocking Limewire (and Kazaa, etc.) traffic for clients with substantially less security exposure for years and years. Most P2P networks are just hives of viruses, malware, exploits, illicit file sharing, and worse. My clients pretty much expected it. Of course, blocking Webshots got people a little hot, but they get over it.

    2. Any bets that the actual culprit was a security wonk, figuring they were smarter than the rest of the world? Very few of the 'security' folk I've worked with actually practiced what they preached. And most either wandered from job to job, or lasted only until the first noticeable breach. One of my former clients made the news a few months ago, because someone was putting USB keys into their corporate servers. Even the PKI repository. Apparently they thought a free utility they got from a friend at a user group was really useful. Not.

  • Re:ban the man (Score:5, Informative)

    by Anonymous Coward on Wednesday July 29, 2009 @05:35PM (#28874017)

    I work for a defense contractor. We have sensitive government data on our networks because of the nature of the work we do, and the only thing we're allowed to do to the internet is make http and https connections through a heavily firewalled and restrictive proxy, so that not only can't we leak stuff out on purpose with filesharing software, but commercial software can't phone home and give away something it shouldn't even by accident. Not to mention that we sign an NDA when we hire on that explicitly says we (individual employees) will not leak stuff out or through carelessness allow stuff to be leaked out. In my opinion whoever leaked this stuff out onto limewire probably broke several federal laws already on the books and might be looking at jail time.

  • by LWATCDR ( 28044 ) on Wednesday July 29, 2009 @05:39PM (#28874061) Homepage Journal

    They are not banning P2P; they are banning running it on government PCs and contractors' PCs.
    Frankly any company that allowed its employees to put Limewire on a work PC shouldn't be a government contractor.

  • Re:ban the man (Score:2, Informative)

    by davester666 ( 731373 ) on Wednesday July 29, 2009 @05:54PM (#28874289) Journal

    Um, I use Transmission on MacOS X as my bittorrent client, and from my understanding of how bittorrent works (just having used bittorrent clients, not having examined the actual protocol at all), you can't accidentally 'share' files on your computer. You have to explicitly create a torrent file for the said file/folder, send it to somebody else or post it somewhere, and then leave your bittorrent client software open and running to be able to transfer your own files to others.

    Other protocols automatically and/or fairly easily will share some/all files/folders on your local computer with everyone (or with some kind of permission structure) without needing the end-user to explicitly upload/send anything to other people.

  • by KiboMaster ( 129566 ) on Wednesday July 29, 2009 @08:45PM (#28876127) Homepage
    Someone should introduce Congress to the FISMA [wikipedia.org] act of 2002, which mandates that federal agencies control for this kind of stuff. As part of my work at the DoD I occasionally audit non-military systems. In the past this has included systems for the IRS, DHS and FBI. All of them are required to comply with FISMA regulations, specifically NIST 800-53 [nist.gov]. The relevant section, Appendix F Section SA-6 page F-222 (or page 293, for those reading the PDF) states:

    The organization controls and documents the use of publicly accessible peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

    Now, I realize that's highly generic, but it's up to the organizational unit to write some sort of policy around the guidance. If they aren't able to do that, they're not in compliance with FISMA and the GAO should rightly be sticking a rather large boot up their ass [slashdot.org].

  • Re:ban the man (Score:4, Informative)

    by davidphogan74 ( 623610 ) on Wednesday July 29, 2009 @08:52PM (#28876195) Homepage
    A blanket ban on all P2P programs is still overkill, and not at all necessary. Bittorrent programs are P2P by definition, but you're not going to accidentally share a file with them any more than you're going to accidentally install Linux because of them.
  • Re:ban the man (Score:3, Informative)

    by TheCabal ( 215908 ) on Wednesday July 29, 2009 @10:32PM (#28876859) Journal

    You sir, are wrong. You have a startling amount of misinformation on sensitive document handling. You scare me.

    There is no "Classified or higher". It is either classified or it is not. "Classified" is not a classification.

    Personally Identifiable Information (PII) is unclassified but considered sensitive, and an official incident is filed when there is a possibility that PII has been disclosed. There is also Unclassified Controlled Nuclear Information (UCNI), which by definition is unclassified but sensitive and subject to the Atomic Energy Act. Plus there is FOUO, SBU and CUI, all "unclassified", but considered sensitive.

    If the document was declassified, then there will be a paper trail as to who declassified it and when. Should be easy since there are few people in the document chain that can legally declassify documents.

  • by jsalbre ( 663115 ) <jsalbre&gmail,com> on Thursday July 30, 2009 @09:37AM (#28881073) Homepage Journal

    You're joking, right?

    Almost every computer that handles classified information for the DoD is connected to a network. Not the Internet of course, but SIPRNET or one of the 30 or so other classified networks, depending on classification level and other considerations. I don't recall ever needing "a key, a passcard, and supervision" to access any of them, just a user name and password, like every other computer.

    Damn near nothing is paper only anymore, and any time I needed a copy of a document I clicked the "print" button in Word or Acrobat, walked over to the printer and grabbed it. And yep, I can email them too! Only to accounts on the same network of course, and I am ultimately responsible for determining whether or not the recipient has the appropriate clearance and need to know, but it's that simple.

    Lots of things are sensitive but unclassified (also known as SBU).

    I hate calling people out like this, but you're spouting lots of FUD. You're either intentionally lying about how things work, or you've never had any contact with anything classified and are rattling off garbage that you either made up or pulled from some crappy novel.
