Marine One leak via P2P software

In my last post about the dangers of P2P software, I discussed how P2P software may prove useful for collaboration, but there are also many risks. In the news recently, reports disclosed that the blueprints of Marine One (the President’s helicopter) was found on a P2P network. According to the CEO of the firm who found the file, “We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter.”

Speculation is being made as to who was responsible for the leak. It is thought to possibly be a defense contractor who may have had the program installed on their computer. According to retired General Clark, “We know exactly what computer it came from. I’m sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.” Supposedly, the file was accessed in Iran, China, Pakistan, and a few other places.

People don’t realize the dangers involved when installing this type of software on their computers. My question is how was this software allowed to be installed on a system that held such sensitive data?

Why stay away from BitTorrents & P2P sites

P2P, BitTorrent, and other file sharing services may offer a convenience for those looking to exchange large files or other collaboration uses. However, when using such sites for pirated software, audio, and other data, many users are unaware of the dangers involved in ”convenient” downloads.

Intego, a security firm, recently released an alert for a Trojan horse found in a pirated version of Apple iWork 09. Although the software works as a legitimate copy of iWork 09, an additional package also installs itself, giving remote access to a malicious user. This can allow the malicious user to install additional malware, monitor the unsuspecting user, or even start copying personal files. As of the date of their security warning, at least 20,000 people have downloaded this malicious software.

This is a prime example of the inherent dangers of BitTorrent and peer to peer websites. Users should use other means to test new software (i.e. a trial version), purchase their own “legitimate” copies, and stay away from free software from unknown sources. Even legitimate sources should be scrutinized, as they can be compromised as well. Most vendors post a MD5 hash of their software which validates that it hasn’t been changed. Free MD5 hash utilities can be used to check the integrity of the downloaded file against the hash provided by the vendor. For more information, use your favorite search engine to find free MD5 hash utilities.