http://news.com.com/Are+P2P+networks+leaking+military+secrets%3F/2100-1038_3-5285918.html By John Borland Staff Writer, CNET News.com July 27, 2004 A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella. The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be. CNET News.com could not independently verify the authenticity of the documents posted on the site. "I want everyone to know that we can be our own worst enemies when we don't understand the full power of our technology," Wallace wrote in a posting explaining the site. "I want every military and government agency to see firsthand what is being shared with anyone who has a computer. Since a picture is worth a thousand words, I can save myself some talking." Among the items appearing on the site were documents from a transportation unit at Fort Eustis in Virginia. A Fort Eustis spokesperson contacted could not immediately comment. The issue of unmonitored file sharing has been a problem since the release of Gnutella, which allowed people to share the entire contents of their hard drives, rather than just MP3 files, as had been the case with Napster. Network watchers quickly noted that some people appeared to be sharing much more than they realized, including personal information and Web "cookie" files that sometimes included passwords for credit cards and e-commerce accounts. Critics of file-sharing companies, including the Recording Industry Association of America, have often pointed to this accidental sharing of personal information as a rationale for tighter regulation of the networks. Wallace told CNET News.com that he first downloaded a zipped file of classified documents a few months ago on Gnutella, with stamped security clearances ranging from "For Official Use Only" to "Secret/NO FORN." (NOFORN typically stands for "not for release to foreign nationals" in military parlance.) The documents contained real-time information about operations in Iraq, "stuff that could kill people," he said. In an interview from Germany, where he lives with his wife, a U.S. Army officer, Wallace said he had contacted local military intelligence about the issue. They forwarded the information to a higher level, but there was little further response until he contacted the office of Sen. Conrad Burns, who represents Wallace's home state of Montana, Wallace said. Burns' office confirmed that the conversation had taken place. "We did send a letter to the secretary of the Army," Burns spokesman J.P. Donovan said. "We are monitoring this as it goes along." Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella. But many other potentially sensitive files remain on the sharing network, ranging from confidential military documents to internal information on public safety authorities procedures, Wallace said. "If you're a terrorist, imagine the damage you could do with that," Wallace said. "I don't really care if people share their love letters online. The only things I care about are when people share information that could hurt people." Wallace said he now calls agencies once before posting information on his blog but sees the site as a way to spotlight a problem that could cost lives in the future. He said he blacks out information that could be classified before posting a file. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Wed Jul 28 2004 - 01:40:27 PDT