A few weeks ago, I discovered a blog called See What You Share on P2P. The site’s owner, Rick Wallace, was alarmed at the amount of sensitive military information that could be accessed by the public via peer-to-peer networks such as Gnutella. He was able to cull photos, documents, and letters from American soldiers and military bases in Iraq and around the world. Some of the files were innoucous (like this goofy photo of a solider bathing). Others included photos of a crashed military jet and a screenshot of a spreadsheet file that contained names, addresses and telephone numbers of Marines. Wallace attempted to contact some of the relevant government agencies to warn them about security breaches involving potentially classified information, but at first he didn’t get a response.

Well, now it appears that the site has been shut down. But does silencing whistleblowers solve the problem? As another network security watchdog commented:

The problem still remains, and there will be leaks in other forms. The nanny state is limited in [its] alternatives. Yet there are even larger issues at stake.

What happens if, in the near future, viruses with P2P technology abuse built-in (as we’ve already seen with Phatbot, and some other variants) start faking their legitimacy as a P2P node by automatically sharing the same folders that standard P2P software such as Shareaza and Bearshare do?

Suggestion for US Forces:

Do not save pictures in the default “My Pictures” folder, do not save music in the default “My Music” folder, and do not save movies in the default “My Movies” folder. Instead, make new directories for all three and do not use P2P software.

Oh, and do not shut down this website for bringing the issue to light, fix the real problem.

More background here. I think Rick Wallace deserves some sort of commendation for bringing attention to this serious security oversight.

comments (0)   trackbacks (3)