P2P Network Exposes Obama's Safehouse Location

Lucas123 writes "The location of the safe house used in times of emergency for the First Family was leaked on a LimeWire file-sharing network recently, a fact revealed today to members of the House Oversight and Government Reform Committee. Along with the safe house location, the LimeWire networks also disclosed presidential motorcade routes, as well as sensitive but unclassified document that listed details on every nuclear facility in the country. Now lawmakers are considering a bill to ban P2P use on government, contractor networks."

Wow

[GofG]

If it had been leaked by uploading it to a server, would they ban the ftp protocol?

ban the man

[OrangeTide]

We must ban everything that we don't understand until we can feel safe again.

Not this again...

[mlts]

Its not P2P in itself that is wrong. It is the use. The leaked information could have wound up on a website, blog, or FTP server, and I'm almost sure nobody would be saying that those technologies should be banned.

its already banned on all government networks?

[Anonymous Coward]

whatever network administrator lets limewire traffic outside of the firewall needs tossed

Encryption?

[sexybomber]

If the leaked data was so sensitive, shouldn't it have been encrypted, or at the very, very least, password-protected? That seems like a no-brainer.

Re:Not this again...

[gnick]

Still, unless there's some strange and compelling business need, no big business should be allowing employees to run Limewire at work IMO. Especially on government machines with sensitive information. Some P2P may be useful for business purposes. But Limewire?

Re:ban the man

[dirtyhippie]

Congress's reaction is predictable and hilarious, but to be fair, they are only talking about banning P2P use on government computers. I don't have a problem with that. If you are working on government contracts, you should probably have a seperate computer from where you keep your music, porn, etc.

Re:Wow

[interkin3tic]

Suprise: lawmakers are once again clueless when it comes to technical issues that have been around for less than 100 years.

The real question is who is advising them so poorly?

Before everyone jumps to the defense of P2P...

[jpstanle]

What business do P2P file sharing apps have one government and contractor computers? While I'm sure many will rightfully point out the security through obscurity is rarely effective, and this information could have been leaked through any number of less sexy protocols like FTP, P2P file sharing has no business on government and contractor networks (BTW, when I say contractor networks, I'm referring to those that may contain sensitive or classified information). P2P apps are certainly the most common and available means of inadvertently turning a client node into a wide-open file server.

These are not commercial ISPs or home PCs we're talking about here. These are tax-payer financed networks. What business do these users have using tax-payer owned resources for downloading music/movies/etc. whether they are copyrighted or not? If you're not going to control the software installed on these workstations, at the very least the network traffic rules should not allow for this kind of outgoing traffic on client nodes.

LimeWire is to Blame

[atomic_bomberman]

How could LimeWire let this happen? This is just as bad as fork and knife manufacturers who fail to keep fat, dumb people from eating too much.

Re:ban the man

[Anonymous Coward]

I agree 100%. I don't bring my laptop where I keep my pr0n, music and run my P2P apps, this should be common sense for anyone and this should be twice as apparent for someone working for the gov't.

If I was allowed to have mod points I would have modded you up.

Re:Not this again...

[MozeeToby]

The issue isn't the P2P per say, it's the fact that many P2P programs make it easy to accidentally mark files for uploading that you don't mean to. A lazy/stupid/uninformed user stands a decent chance of sharing information without even realizing it, I remember trying to explain that to someone in my family way back when Napster was big, that they were sharing all of their documents out over the network because that is where they happened to store their downloaded files and they had marked the folder as one to share, not realizing that it would share files other than those they had downloaded.

Any program that can upload user documents without the user having knowledge of it shouldn't be used on any kind of sensitive system. In my mind, bit torrent is relatively safe from this, since it requires the user to create a torrent and make it available, not the kind of thing that is going to happen accidentally.

Sensitive but unclassified

[QuoteMstr]

Now that's an oxymoron definition. If it's genuinely important to the nation to keep a document secret, then classify it. If it's not important enough to classify, then it's not important enough to keep from the public. A transparent government is a good government.

I one were deliberately trying to discredit P2P...

[roc97007]

...one couldn't find a better way to do it than this.

Re:ban the man

[sbeckstead]

He can go to a computer on the proper network and download it just like the military has to do now. There are darn few uses for P2P that can't be handled better by something else.

Problem reaction solution

[Anonymous Coward]

I just don't buy that this is genuine. I am not saying it didn't happen, maybe it did...but I am saying that it seems like there is a campaign being orchestrated to allow the government to step on technologies that are decentralized and allow individuals to reach the masses with information very quickly and anonymously.

We saw it a couple of months ago with the (total bullshit red herring I might add) same scenario with the helicopter plans being "found on a P2P network" being described as " the plans for Marine One," just because Marine One is a modified version of that model of helicopter does not mean the plans for Marine One were leaked.

Like it or not (and I am sure some people will refuse to believe this) but the way that governments operate these days when they want to undermine or regulate something with popular public support is to either create an issue, ensure that an issue will be created, or wait for an issue they know is bound to occur and then jump out and say "Something must be done!" Or, "there must now be regulation," or "we can no longer afford these sorts of freedoms; safety and security must be our primary concern."

Every government in the world, particularly the US and UK is itching to control the net in every way possible; their corporate benefactors want it as well.

Lights, Cameras, Lies

[JackSpratts]

they could have fabricated similar testimony 10, 9, 8, 7, 6, 5, 4, 3, 2, 1 year ago (you pick). oh wait, they did. meanwhile harddrives, laptops and usb drives keep wandering away with impunity & multi gigabytes of really sensitive data. god forbid you encrypt. much easier blame p2p on the house floor in front of the bright lights of the very media cartels who create this artificial drama.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:ban the man

[Beardo the Bearded]

I work with military ... stuff. When we have a classified or higher document, it doesn't go on our normal computers, like the one I'm using now. It goes on The Secret Computer, which is in its own room, on no networks, and it requires a key, a passcard, and supervision. Things like USB are locked out. It's a secure station. You can't hack it because there's no access to the device. Social Engineering won't work that well because you've got to be vetted every 5 years to maintain your access. Plus, we're all psychologically tested, have credit checks, and are generally very well looked after.

That is for that rare slice of documentation that is classified and is allowed on a computer. It's a nightmare to get a copy of a classified document -- do you think they would allow you to just hit "print" and get a second (or hundredth) copy? These files are very often (and yes, it's 2009) paper only, sent via special channels. You don't just email Secret documents off to whomever has a .mil email address. Generic workstation + classified document = security violation = jail.

Now, the WHOLE ARTICLE IS BULLSHIT

IT IS A PRESS RELEASE BY A COMPANY THAT STANDS TO MAKE MONEY FROM A MONITORING CONTRACT

Things like the nuclear document are just bullshit. If it's sensitive, it's Classified. If it's not sensitive, it's not. The End. If it was sensitive and improperly declassified, then that's a Monumental Fuckup. You can't say "oh noes nukelar secrets on lemonwire! give us teh monitoring contract!" What are the details, mailing addresses?

(Note for the pedantic: I'm using "Classified" as an umbrella term for anything that requires a security clearance because I didn't feel like typing out the various levels of document classification over and over again.)

Re:ban the man

[Bovius]

People that take action based on this allegation alone are afraid.

Fixed that for you. The USA's policies these days are driven primary by blind, largely irrational fear. Although I suppose that could be transliterated into stupidity.

The sad truth is that we have plenty of incompetent people to perform these kinds of blunders without the need for shadow organizations to orchestrate them. Anyone in the government with a will to exact more control over the public has their arms more than full of these kinds of stories.

Re:ban the man

[shaitand]

Well there is some distinction here... government contractors are not government employees. Just because the city contracts me to redesign their sewers doesn't mean they dictate what will be run on my office machines unless they are going to supply machines exclusively for that use.

Re:ban the man

[pixelpusher220]

Personal information is not 'classified', but it is 'sensitive'; so yes it can be the case where data is sensitive but not classified.

You're right on about the press release thing though...my thoughts exactly. When I read "and previously reported the Presidential Helo plans were found online" and other similar things. Maybe we want to look at this company that just *happens* to keep finding things online that help it out business wise. (yes I know the helo plans were traced specifically but just saying the idea isn't terribly far fetched).

And the other thing about the article "it's not easy to prevent users from installing P2P software". Oh really? last time I checked even 'XP Home' prevented you from installing stuff without an admin password. If users are installing their own programs...you've already got serious problems.

Re:ban the man

[tchuladdiass]

But they can mandate appropriate data protection procedures for anything that you work on for them. Usually they will point to a standardized security policy and say that you have to pass an audit that meets that policy.

Re:ban the man

[OrangeTide]

Key word is "contracts". If I contract you, I can make all sorts of crazy demands. This happens all the time in the Real World(tm). And can include preventing you from discussing things with third parties. Or requiring certain specific standards including what software you use to design the sewers. As long as there are consideration, there is a pretty wide range of things that are binding in a contract. Of course crazy demands generally reduce the quality of the contract or increase the amount of money necessary to find a taker.

And while generally legal, being overly specific about terms that don't matter is a great way for a bureaucracy to waste money and a tremendous amount of time.

Re:ban the man

[Dragonslicer]

Wait, there's a file-sharing "industry" now?

Re:ban the man

[Leebert]

I have NO problem with the government madating what can and can't be on your work machine if they are paying your check. This is just common sense, just as no admin with a brain would allow someone to run Kazaa or Limewire on the corporate Intranet.

I work at a government site. Said government site has extended such bans to BitTorrent, Skype, etc. Which are technically peer to peer. But have perfectly legitimate uses.

Existing security controls should already note the lack of business necessity of things like Kazaa or Limewire. No need for additional regulations, which are always poorly written and blanket mis-interpreted (or worse, ignored due to infeasability).

baby and bath water

[zogger]

Some leaks are good though, and necessary for maintenance of a free Republic. They are last ditch efforts by someone who is aware of "clear and present danger" when all else has failed to affect honesty and following the law in whatever bailiwick this person is working in, and usually the leakers are anything but traitors, they can be overwhelming patriots helping to expose the real bad guys and bad stuff. They can help expose government lies and corruption, when the official channels (all the way to *the very top*) are themselves completely corrupt, making any other effort doomed to failure.

    Here's a prime example. [wikipedia.org] This leak was a *really big deal* for my boomer generation and certainly did some good, long range/historically speaking.

Re:ban the man

[Bakkster]

Then ban it on any machine with sensitive information. Any machine that needs to push P2P information just can't have sensitive information. QED.