Classified Data on Marine One Leaked, found on Iranian Computer

The information about the President's helicopter apparently leaked last summer

By Jaikumar Vijayan, Computerworld

March 03, 2009 — CSO —

Classified information about the communications, navigation and management electronics on Marine One, the helicopter now used by President Barack Obama, were reportedly discovered in a publicly available shared folder on a computer in Tehran, Iran, after apparently being accidentally leaked over a peer-to-peer file-sharing network last summer.

The classified file appears to have been leaked from a computer belonging to a Bethesda, Md., military contractor and was discovered Thursday by Tiversa Inc., a Cranberry Township, Pa.-based P2P monitoring services provider. P2P networks are widely used to share music, video and data files over the Internet.

The Iranian IP address at which the file was found belongs to an "information concentrator" -- someone who searches P2P networks for sensitive information, said Chris Gormley, chief operating officer at Tiversa. The location where the file was found included several other documents with classified and sensitive military information that were also leaked over file-sharing networks, Gormley said. He did not disclose what the other documents were.

According to Gormley, Tiversa first found information about Marine One's avionics floating around on file-sharing networks last summer and notified the contractor and the authorities about the discovery. Last week's search shows that copies of the document are still available on P2P networks to anyone who knows how to look for it, he said.

This is not the first time that highly classified and sensitive information has been discovered on P2P networks. In July 2007, members of a congressional subcommittee heard from a panel of security experts, including executives at Tiversa, about how they had found millions of classified documents on file-sharing networks. Among the examples cited were a diagram of the Pentagon's secret backbone network infrastructure, complete with IP addresses and password-change scripts; contractor data on radio frequency manipulation used to defeat improvised explosive devices in Iraq; physical terrorism threat assessments for three major U.S cities; and information on five Department of Defense information security systems audits.

Barely a month ago, a professor of operations management at Dartmouth College's Tuck School of Business released a report showing how large amounts of sensitive patient health care data was available on P2P networks after being accidentally leaked by health care providers, physicians and business associates. The data discovered as part of the Dartmouth study included a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory. Also unearthed were more than 350MB of sensitive patient data for a group of anesthesiologists, and a spreadsheet with 82 fields of information on more than 20,000 patients belonging to a health system.

• Print