P2P Network Exposes Obama's Safehouse Location 307
Lucas123 writes "The location of the safe house used in times of emergency for the First Family was leaked on a LimeWire file-sharing network recently, a fact revealed today to members of the House Oversight and Government Reform Committee. Along with the safe house location, the LimeWire networks also disclosed presidential motorcade routes, as well as sensitive but unclassified document that listed details on every nuclear facility in the country. Now lawmakers are considering a bill to ban P2P use on government, contractor networks."
Wow (Score:5, Insightful)
ban the man (Score:5, Insightful)
We must ban everything that we don't understand until we can feel safe again.
Not this again... (Score:3, Insightful)
Its not P2P in itself that is wrong. It is the use. The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.
its already banned on all government networks? (Score:2, Insightful)
whatever network administrator lets limewire traffic outside of the firewall needs tossed
Encryption? (Score:5, Insightful)
Re:Not this again... (Score:5, Insightful)
Still, unless there's some strange and compelling business need, no big business should be allowing employees to run Limewire at work IMO. Especially on government machines with sensitive information. Some P2P may be useful for business purposes. But Limewire?
Re:ban the man (Score:5, Insightful)
Congress's reaction is predictable and hilarious, but to be fair, they are only talking about banning P2P use on government computers. I don't have a problem with that. If you are working on government contracts, you should probably have a seperate computer from where you keep your music, porn, etc.
Re:Wow (Score:3, Insightful)
Suprise: lawmakers are once again clueless when it comes to technical issues that have been around for less than 100 years.
The real question is who is advising them so poorly?
Before everyone jumps to the defense of P2P... (Score:2, Insightful)
These are not commercial ISPs or home PCs we're talking about here. These are tax-payer financed networks. What business do these users have using tax-payer owned resources for downloading music/movies/etc. whether they are copyrighted or not? If you're not going to control the software installed on these workstations, at the very least the network traffic rules should not allow for this kind of outgoing traffic on client nodes.
LimeWire is to Blame (Score:3, Insightful)
Re:ban the man (Score:2, Insightful)
If I was allowed to have mod points I would have modded you up.
Re:Not this again... (Score:5, Insightful)
The issue isn't the P2P per say, it's the fact that many P2P programs make it easy to accidentally mark files for uploading that you don't mean to. A lazy/stupid/uninformed user stands a decent chance of sharing information without even realizing it, I remember trying to explain that to someone in my family way back when Napster was big, that they were sharing all of their documents out over the network because that is where they happened to store their downloaded files and they had marked the folder as one to share, not realizing that it would share files other than those they had downloaded.
Any program that can upload user documents without the user having knowledge of it shouldn't be used on any kind of sensitive system. In my mind, bit torrent is relatively safe from this, since it requires the user to create a torrent and make it available, not the kind of thing that is going to happen accidentally.
Sensitive but unclassified (Score:2, Insightful)
Now that's an oxymoron definition. If it's genuinely important to the nation to keep a document secret, then classify it. If it's not important enough to classify, then it's not important enough to keep from the public. A transparent government is a good government.
I one were deliberately trying to discredit P2P... (Score:3, Insightful)
Re:ban the man (Score:4, Insightful)
Problem reaction solution (Score:1, Insightful)
I just don't buy that this is genuine. I am not saying it didn't happen, maybe it did...but I am saying that it seems like there is a campaign being orchestrated to allow the government to step on technologies that are decentralized and allow individuals to reach the masses with information very quickly and anonymously.
We saw it a couple of months ago with the (total bullshit red herring I might add) same scenario with the helicopter plans being "found on a P2P network" being described as " the plans for Marine One," just because Marine One is a modified version of that model of helicopter does not mean the plans for Marine One were leaked.
Like it or not (and I am sure some people will refuse to believe this) but the way that governments operate these days when they want to undermine or regulate something with popular public support is to either create an issue, ensure that an issue will be created, or wait for an issue they know is bound to occur and then jump out and say "Something must be done!" Or, "there must now be regulation," or "we can no longer afford these sorts of freedoms; safety and security must be our primary concern."
Every government in the world, particularly the US and UK is itching to control the net in every way possible; their corporate benefactors want it as well.
Lights, Cameras, Lies (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re:ban the man (Score:5, Insightful)
I work with military ... stuff. When we have a classified or higher document, it doesn't go on our normal computers, like the one I'm using now. It goes on The Secret Computer, which is in its own room, on no networks, and it requires a key, a passcard, and supervision. Things like USB are locked out. It's a secure station. You can't hack it because there's no access to the device. Social Engineering won't work that well because you've got to be vetted every 5 years to maintain your access. Plus, we're all psychologically tested, have credit checks, and are generally very well looked after.
That is for that rare slice of documentation that is classified and is allowed on a computer. It's a nightmare to get a copy of a classified document -- do you think they would allow you to just hit "print" and get a second (or hundredth) copy? These files are very often (and yes, it's 2009) paper only, sent via special channels. You don't just email Secret documents off to whomever has a .mil email address. Generic workstation + classified document = security violation = jail.
Now, the WHOLE ARTICLE IS BULLSHIT
IT IS A PRESS RELEASE BY A COMPANY THAT STANDS TO MAKE MONEY FROM A MONITORING CONTRACT
Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup. You can't say "oh noes nukelar secrets on lemonwire! give us teh monitoring contract!" What are the details, mailing addresses?
(Note for the pedantic: I'm using "Classified" as an umbrella term for anything that requires a security clearance because I didn't feel like typing out the various levels of document classification over and over again.)
Re:ban the man (Score:5, Insightful)
People that take action based on this allegation alone are afraid.
Fixed that for you. The USA's policies these days are driven primary by blind, largely irrational fear. Although I suppose that could be transliterated into stupidity.
The sad truth is that we have plenty of incompetent people to perform these kinds of blunders without the need for shadow organizations to orchestrate them. Anyone in the government with a will to exact more control over the public has their arms more than full of these kinds of stories.
Re:ban the man (Score:3, Insightful)
Well there is some distinction here... government contractors are not government employees. Just because the city contracts me to redesign their sewers doesn't mean they dictate what will be run on my office machines unless they are going to supply machines exclusively for that use.
Re:ban the man (Score:3, Insightful)
You're right on about the press release thing though...my thoughts exactly. When I read "and previously reported the Presidential Helo plans were found online" and other similar things. Maybe we want to look at this company that just *happens* to keep finding things online that help it out business wise. (yes I know the helo plans were traced specifically but just saying the idea isn't terribly far fetched).
And the other thing about the article "it's not easy to prevent users from installing P2P software". Oh really? last time I checked even 'XP Home' prevented you from installing stuff without an admin password. If users are installing their own programs...you've already got serious problems.
Re:ban the man (Score:4, Insightful)
But they can mandate appropriate data protection procedures for anything that you work on for them. Usually they will point to a standardized security policy and say that you have to pass an audit that meets that policy.
Re:ban the man (Score:4, Insightful)
Key word is "contracts". If I contract you, I can make all sorts of crazy demands. This happens all the time in the Real World(tm). And can include preventing you from discussing things with third parties. Or requiring certain specific standards including what software you use to design the sewers. As long as there are consideration, there is a pretty wide range of things that are binding in a contract. Of course crazy demands generally reduce the quality of the contract or increase the amount of money necessary to find a taker.
And while generally legal, being overly specific about terms that don't matter is a great way for a bureaucracy to waste money and a tremendous amount of time.
Re:ban the man (Score:3, Insightful)
Re:ban the man (Score:2, Insightful)
I have NO problem with the government madating what can and can't be on your work machine if they are paying your check. This is just common sense, just as no admin with a brain would allow someone to run Kazaa or Limewire on the corporate Intranet.
I work at a government site. Said government site has extended such bans to BitTorrent, Skype, etc. Which are technically peer to peer. But have perfectly legitimate uses.
Existing security controls should already note the lack of business necessity of things like Kazaa or Limewire. No need for additional regulations, which are always poorly written and blanket mis-interpreted (or worse, ignored due to infeasability).
baby and bath water (Score:5, Insightful)
Some leaks are good though, and necessary for maintenance of a free Republic. They are last ditch efforts by someone who is aware of "clear and present danger" when all else has failed to affect honesty and following the law in whatever bailiwick this person is working in, and usually the leakers are anything but traitors, they can be overwhelming patriots helping to expose the real bad guys and bad stuff. They can help expose government lies and corruption, when the official channels (all the way to *the very top*) are themselves completely corrupt, making any other effort doomed to failure.
Here's a prime example. [wikipedia.org] This leak was a *really big deal* for my boomer generation and certainly did some good, long range/historically speaking.
Re:ban the man (Score:3, Insightful)