Archive for Marine One

Data Security Podcast Episode 42 – Mar 02 2009

Posted in Breach, criminal forensics, Podcast, web server security with tags , , , , , , , , , on March 1, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program:  Poor infosec leads to Presidential security incident; Hall of Cyber Shame: State’s post info about delinquent taxpayers;  And the week’s news.

–> Stream, subscribe or download Episode 42 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 42 of The Data Security Podcast

-From The News:  Consortium of US Federal Cybersecurity Experts Establishes Baseline Standard of Due Care for Cybersecurity – The Top Twenty Most Critical Controls. See this SANS Link for more, and to add in your comments to the standard. Article on the topic in Federal Computer Week that was mentioned in this segment of the program.

President Obama takes off from the South Lawn of the White House on his first flight aboard Marine One.

President Obama takes off from the South Lawn of the White House on his first flight aboard Marine One.

-From The News: Poor data security at a defence contractor leads to Presidential security incident involving sensitive information, including Marine One’s entire blueprints and avionics package . Kudos to the Peer-2-Peer security team at Tiversa for discovering the breach.

From The News: When people are afraid of loosing their job, ethics sometimes goes out the window. See the report at . Scroll down to find the link titled: The Global Recession and its Effect on Work Ethics. (Free registration is required, no integrity validation of field info appears to be in place. Is that you downloading the report?)

-From The News: Why we don’t live in Michigan, reason #775.  As if Michigan residents don’t have enough to contend with, as they watch their primary industry go down for the count…. Governor Jennifer Granholm wants to humiliate delinquent taxpayers by posting their identities online.  Hey Gov, with your people suffering job loss, bankruptcies and foreclosures, one would think you’d want to preserve whatever dignity they have left.  (P.S. There are 18 states who brag that this “cybershame” method results in tax collections. Probably some identity thefts too, since addresses and other personal information are there for the world to see.)

– Conversation: Ira Victor talks with Bill Greeves, IT Director for Roanoke County, VA, about MuniGovCon’09 – A Virtual Conference on Web2.0 taking place in Second Life on April 10, 2009 from 9:00 AM – 1:00 PM PST. Here is the main site:

-Wrap-Up: After hearing about EasyVPN on the Data Security Podcast, Peter Nikolaidis’ posted this blog entry: Comodo’s EasyVPN Landing Page is an Attack Site? Comodo responds with this very open, and candid, mea culpa.

Next Week: Ira reports from IT Security World in Orlando Florida.


P2P Usage Leads To Presidential Security Breach

Posted in Breach with tags , , , , , , , on March 1, 2009 by datasecurityblog

Pittsburgh TV Station WPXI is reporting that Security Company Tiversa discovered engineering and communications information about the Marine One Chopper fleet on an Iranian Computer system. Marine One is a critical transportation asset for the President of the United States.

Bob Boback, CEO  Tiversa, said, that he found the entire blueprints and avionics package for the famous chopper on an Iranian system. The company traced the file back to it’s original source, which appears to be a defence contractor in Bethesda, MD.

How did secret Marine One information end up in Iran? According to Mr. Boback, it appears that the defensible contractor had a file sharing program installed on their network, the same network that contained highly sensitive information on Marine One.

Boback said that someone from the company most likely downloaded a file-sharing program, typically used to share music and movie files, not realizing the potential problems.

Iran is not the only country that appears to be accessing this information through file-sharing programs. Boback said that they have seen the files accessed by systems in Pakistan, Yemen, Qatar and China.

If this is what passes for information security in matters of national defence, just wait until the Feds start mandating the digitizing of everyone’s medical records.

Boback’s team should get kudos for their investigative work. Boback notified the government immediately and said appropriate steps are being taken.

Pennsylvania Congressman Jason Altmire
will ask  Congress to investigate how to prevent this incident from happening again. There needs to be some tough questions asked, although too many times, these Congressional hearings don’t lead to serious changes.

This is all the more reason for  SANS’ new Consensus Audit Guidelines (CAG) to be taken seriously. One of the goals of that program is to deal with national security-related data breaches.

At this point, we don’t know what logging mechanism is in place at this contractor. Logging is a part of the CAG. Although one would have assumed that a good logging mechanism would have detected some of the peer-to-peer traffic before the incident got out of hand. Maybe the contractor has a “logging in name only,” (LINO) something I have seen first hand.

And, it’s important to point out, that among the layers of security in the CAG that need to be added to many networks is the right kind of data loss prevention( DLP).

I have seen a lot of vendors lately pitching what I call single port DLP solutions, many of which only block one port. And even more solutions that only block based upon pre-determined dictionaries of credit card numbers, or social security numbers, or HIPAA data.  They point these DLP solutions at the mail server, or others only monitor port 80 for web traffic.

Based upon what we know about this incident, one of the layers of security that is needed is a solution that fingerprints important files in that business unit, with hashing of the “slivers” of those files. Then, DLP should be pointed at all 65535 ports so they can all be monitored for leakage of any of the data, any port, any protocol. Even with a file sharing program on the network, the right DLP solution would have trapped the data before it ended up on servers in the Middle East, and Asia.

By the time you read this, this Marine One story will be all over the mainstream press. The public is going to be mad, and scared. It’s time for information security professionals to stand up, and let the public policy makers know that there are solutions to this challenges, and now is the time to (finally) take these solutions seriously.