Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy The Internet

P2P Leaks Surprises 389

kilian.cavalotti writes "A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella. The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be."
This discussion has been archived. No new comments can be posted.

P2P Leaks Surprises

Comments Filter:
  • Okay (Score:5, Funny)

    by Corporate Troll ( 537873 ) on Wednesday July 28, 2004 @03:42PM (#9825073) Homepage Journal
    I don't care what the military shares, but I surely want to see more of her [seewhatyoushare.com]... Redheads.... *drool* ;-)
  • The FBI is on the way...
  • by agraupe ( 769778 ) on Wednesday July 28, 2004 @03:43PM (#9825082) Journal
    If you choose to expose security weaknesses, don't take advantage of them. Tell those who can fix it/do something about it, and no one else. What this person is doing will just give other people ideas.
    • by Sheetrock ( 152993 ) on Wednesday July 28, 2004 @03:49PM (#9825187) Homepage Journal
      He can't contact every file sharer directly. In some cases he can't be sure the sharers are the original net source for what they're posting.

      This is probably the most efficient way he can get the message across: P2P has absolutely no place in a business or military environment and P2P access should be disabled at the router for security.

      Unfortunately this guy could take a fall for trying to do the right thing because of the mindset that the first guy that makes the public aware of a problem is responsible for the problem. When in reality we should be looking at P2P authors.

      • by Exiler ( 589908 ) on Wednesday July 28, 2004 @04:04PM (#9825380)
        We should be looking at P2P authors for providing a medium that people use to do wrong?
      • Thanks for COTFU (clicking on the f'ing url) where he clearly details how he found documents and immediately contacted the appropriate branches of service and/or military bases.

        They did NOTHING. So he posted self-censored documents to shame them into fixing the problem.

        I have no problem with that.
      • When in reality we should be looking at P2P authors.

        Absolutely not. P2P authors, like any other programmers, are making tools. The person who should be held responsible is whichever idiot shared the files in the first place - even if accidental, why on earth was he running a P2P server on a government machine with classified data?

      • In my corner of the military, at least. On a regular basis, all systems connected to the WAN are scanned - for viruses, for messenger programs, for P2P programs, and anything else that shouldn't be on those computers. Finding any of those programs can get a computer kicked off the network, and anyone found actually using those programs can get their right to use government systems revoked. I've already had it happen to one person who was looking at pr0n on a government system.

        Now, were these files coming f
    • Maybe the people who were careless with the stuff in the first place will do a double-take now. If the idea that this happens isn't general knowledge, then people will assume it doesn't happen and will continue being careless. Public release is an important feedback mechanism.

      I would agree that it might be prudent to inform the public after plugging up any non-human weaknesses, but ultimately, the weak link here is people.
    • by Anonymous Coward on Wednesday July 28, 2004 @03:55PM (#9825268)
      From the 'Why this site exists' section of his site:


      A few months ago, I downloaded some military briefings from the Gnutella Network. The briefings were zipped and the file contained 21 documents with classifications ranging from For Official Use Only to Secret/NO FORN. Shocked at my discovery, I notified an agency on a nearby military installation. When nothing happened, I notified another agency. I continued this course because no action was taken and for a nation at war, I was concerned for the safety of our soldiers.


      So it seems, he DID tell those who can do something about it, and that nothing is getting done.

    • The problem is that somebody published the pictures on the network. Did anybody notice that, or would we rather just follow Rick's solution and have the people from our oh-so-trustworthy 'that blunder is confidential' military tell us what we can publish and see on the internet? Oh, sounds great. "Hey Jim, this picture has 'no war' written on it. You know what to do..."

      I guess we COULD track down whoever leaked the info, but why do that when you can go after anyone on or in the remote proximity of any
    • Sometimes telling people of the problem isn't enough for them to react to stop it. I don't know if this is the best way to make those in power aware this situation, but I'm sure it will be effective. The pictures I saw didn't look too bad, so quick action to stop this from happening in the future might be better than not making it public where it wouldn't get anyone's attention to stop it.
    • by jemenake ( 595948 ) on Wednesday July 28, 2004 @04:25PM (#9825580)
      If you choose to expose security weaknesses, don't take advantage of them. Tell those who can fix it/do something about it, and no one else. What this person is doing will just give other people ideas.
      Unfortunately, most people don't take it seriously unless it really happens to them or if they see it happen to someone else like them.

      A great example of this happened at my university about 10 years ago. The campus ran a cluster of unix machines for students to get email, read usenet, compile C programs, run nethack, etc.

      The nerds amongst us were fairly concerned that the admins: 1) didn't keep the passwords in a shadow file, and 2) didn't run Crack on the password file to find weak passwords. I guess the reasons were that: 1) the OS (I think it was AIX at the time) didn't support /etc/shadow, and 2) the admins shuddered at the thought of freezing the accounts of and having to talk scores of users through the process of changing their passwords.

      So... one of the nerds kinda... "settled" the issue for them. He ran Crack on the entire password table and POSTED all of the cracked login/password combos (a couple thousand out of something like 10,000 users, I think) to the local campus newsgroups.

      Of course... this led to only one account being frozen... and you can probably guess whose it was.

      But the campus did start to show a newfound interest in password robustness after that.
  • my email to Glen (Score:5, Insightful)

    by rpdillon ( 715137 ) * on Wednesday July 28, 2004 @03:43PM (#9825084) Homepage
    Glen Breakwater-

    As a former member of our armed forces, and an avid technophile as well as outspoken supporter of freedom in all its forms, I have a question:

    What exactly are you advocating?

    It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining. Do you want to ban P2P services? Do you want to attempt to make yet more copy protection systems? Or are you doing what Michael Moore does and complaining about a situation while having no solution whatsoever?

    As for my view: it is the price of freedom. If you don't want Secret/NOFORN documents distributed on the web, then don't hand them out to people! Make sure the only machines that have them are on SIPRNET and take out the damn floppy and zip disk drives.

    My position: people are stupid, and until we decide to take real measures to protect secret data (i.e. not providing removable media for secret computers), we'll get burned. A nation at war? Yes, I went to Iraq three times in the past three years. But don't blame the soldiers, or the P2P programs. Blame the idiots that make the information available and the idiots who build the computers and set IT policy for the DoD.

    Peer to peer filesharing is NOT a security risk. The lack of a comprehensive security program within our military is a security risk.

    Regards,
    • You are absolutely correct on this. P2P is a mechanism that can be subverted into immoral/illegal acts.
      The military should be requiring all correspondence to be encrypted, sensitive data (especially residence info) to be removed from common access (and also encrypted), and disclaimers to soldiers' respondents detailing how the emails should not be forwarded for said security matters (and maybe a warning of prosecution for privacy violations?).
    • by PCM2 ( 4486 ) on Wednesday July 28, 2004 @03:52PM (#9825229) Homepage
      It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining.
      Um ... as a taxpaying citizen, is it really too much to ask for the military to take care of its own business, when ostensibly the security of our entire nation is at stake? Since when do you or I get to vote on how the military handles its own housekeeping? It's not up to you or I (or Glen) to establish military policy. All we can do is ask that they please address the issue. I think he's done that in a pretty alarmist way -- but he obviously feels like that's what it's going to take.

      "Ban" P2P services on military computers? By all means, if that's what it takes. Establish penalties for soldiers who fail to observe security protocols? Abso-effin-lutely. This ain't a civil liberties issue, people, and we're not talking about dismantling entire technological innovations here or anything -- this is the military. I wholeheartedly agree that, before Congress comes along and pushes through any further legislation blaming the American people for failures of security policy (i.e. the Patriot Act), the people who are really and literally on the front lines of the information security issue need to get their shit together in a big way.

      • From my experience, I doubt those programs are running on government machines...what probably happened was people copied them from government machines and shared them on their private machines. I'm highlighting ther problem that they should have never come off the government machines.

        Just so my position is clear: don't legislate against P2P, make the military fix it's security problem.

        Glen doesn't go one way or the other, and that's my problem. I want him to take a position on what should be done.
      • by Orne ( 144925 )
        When do we get to vote on how the military handles housekeeping?

        How about every two [gpo.gov] or six [gpo.gov] years? Remember, the Congress approves how the military spends its money, and they define the laws by which the military must operate.

        Bring this issue up to your representative's office [house.gov], and let them know that we don't approve the lax I.T. policies. Or how about write to someone on the Armed Services Oversight Committee [senate.gov], inform them that things like this are taking place, that national security is at risk. If the
      • Re:my email to Glen (Score:3, Informative)

        by gruhnj ( 195230 )
        Since when do you or I get to vote on how the military handles its own housekeeping? It's not up to you or I (or Glen) to establish military policy. All we can do is ask that they please address the issue.

        Well, I am one of those that help in establishing military policy. I work in the Theater Network Operation and Security Center - Korea (TNOSC-K). I can tell you that the policy is all there already. The Army has established AR 25-1, Information Systems Security, which specifically addresses NIPER vs SI
    • by criquet ( 120814 ) on Wednesday July 28, 2004 @03:56PM (#9825279) Homepage Journal
      Simply because someone raises an issue that concerns them without having a (stated) solution does not constitute complaining nor whining.

      Though I agree with you point that p2p is not the problem.
    • by kfg ( 145172 ) on Wednesday July 28, 2004 @04:02PM (#9825352)
      It sounds an awful lot like you're complaining, but you have absolutely no idea how to solve the problem you've raised. This is not constructive...it is merely whining.

      I'll bet your auto mechanic just loves it when you refuse to tell him what's wrong, but tell him how to fix it.

      KFG
    • The problem is the lack of accountability. The people sharing these files are already breaking the UCMJ, specifically failure to obey, by installing unauthorized software. If those pictures are from a military computer, then they most likely downloaded from a personal camera that shouldn't have been attached to the network as well.

      2nd, these aren't classified documents or pictures. Should it be protected? Absolutely, but it's not classified. The problem isn't floppy drives specifically, there are procedure
    • Re:my email to Glen (Score:2, Interesting)

      by seafortn ( 543689 )
      As another former member of the armed forces, with plenty of trips to plenty of places, I say hell yes - ban p2p on official computers - in fact, p2p software is already prohibited by most unit signal officers - these people are probably blatantly disregarding rules designed to protect them - I say go one further, track this stuff back to the originating computers, and get these numskulls Article 15s for not complying with published regulations...

      You might argue that p2p could be useful, but obviously the

    • by composer777 ( 175489 ) * on Wednesday July 28, 2004 @05:30PM (#9826167)
      My take on it is that all this talk of security is pretty ridiculous. You're average American belongs to the safest and least threatened group in the entire world. If we cared that much about security we would realize that the first step in creating real security is to provide it to those who need it the most, not those who need it the least. We could start at home, by providing security for those who are most threatened by violence on a daily basis, that is, the poor and the minorities. Ironcially, by focusing on increasing their security, we would in fact also be making the world safer for the most secure group, rich whites. Increasing security for the disadvantaged could involve a multi pronged approach:
      1. Create a program of effective affirmative action that would truly provide equal opportunity, as a start, providing such basic things as shelter, healthcare, etc.
      2. Eliminate racist drug laws that needlessly disciminate again the poor.
      3. Eliminate racist police offices that are one of the biggest threats to the urban population.

      Outside our borders, increasing security would involve a similar approach.
      1. Work to raise the standard of living rather than handing over resources to corporations that are only interested in plundering.
      2. Stop shooting and torturing people, which is one of the biggest threats to security of innocent Iraqi people.
      3. Stop giving Israel carte blanch support to murder, round defenseless Palestineans up into concentration camps and bulldoze their homes.
      4. Stop supporting corrupt, undemocratic regimes such as Saudi Arabia, Saddam Hussein's Iraq in the 80's, etc.

      But, we won't take these steps, our government doesn't take these steps because they realize that security isn't that big of an issue. In fact, the War in Iraq has the effect of increasing terrorism and decreasing security, not just for Americans, but also for the people of Iraq. On the other hand, the people of America won't take these steps because we're a bunch of racist cowards that think that we alone have the right to feel safe in our homes, but that black guy in the ghetto, well, he doesn't, and the Iraqi's in Abu Gharaib, well, they should have known better. It never occurs to us that increasing security of the poor might be the quickest way to create a safe and secure world for everyone. Nor does it occur to us that it is impossible to have perfect security. For some reason we believe that security is our birthright, and ours alone. I can't think of another group on this planet that has a greater expectation of perfect security than middle class Americans. It's a nice goal, but if we are truly interested in real freedom and equality, then we will realize that security can't be just a thing reserved for priveledged American whites.
      • by arkhan_jg ( 618674 )
        My take on it is that all this talk of security is pretty ridiculous. You're average American belongs to the safest and least threatened group in the entire world.

        Uhh, what?

        I recognise your solutions as valid ones, but you also need to recognise how urgently they're required because the average security of your citizens frankly, sucks (especially those in the cities)

        http://www.mercerhr.com/pressrelease/details.jh t ml ?idContent=1084835

        The highest ranking spot for a north american city last year was 40t
        • Re:my email to Glen (Score:3, Interesting)

          by composer777 ( 175489 ) *
          I stand corrected. Thank you. You are right, our average security sucks, that was part of my point, which I didn't state very well. However, the security for the group (mainly priviledged middle class whites with computer access) that tends to read slashdot is excellent. This is the group that I am addressing. I should not have used the word "average American", I should have qualified it as "the average middle class white American", which is exactly the group that is most concerned about terrorism and
  • Hmm (Score:2, Informative)

    Sounds more like he is trying to train them in target practice to me.
  • by The Importance of ( 529734 ) * on Wednesday July 28, 2004 @03:43PM (#9825090) Homepage
    The problem is that the website author emphasizes that "Technology often outruns legislation. So is the case with Peer 2 Peer networks." He seems to assume that P2P should be legislated against. However, this is a security issue, not an issue specific to P2P systems. Education and other controls should be used to minimize this problem. The military would never let Joe Soldier run a rogue server, why would they let them run any old P2P app on a system with classified information? See, P2P Problem or Security Issue? [corante.com].
    • by Atario ( 673917 ) on Wednesday July 28, 2004 @04:04PM (#9825390) Homepage
      You hit the nail on the head. The same principles apply to soldiers gabbing about classified stuff F2F, never mind P2P.

      Oh, and I submitted this with a funnier headli...er, wait, this isn't Fark, is it.

      Well, I did submit it, with a link to a ZDNet article [com.com] about it, in which they give a little more detail about what happened with the blogger's attempts to get the authorities involved:
      In an interview from Germany, where he lives with his wife, a U.S. Army officer, Wallace said he had contacted local military intelligence about the issue. They forwarded the information to a higher level, but there was little further response until he contacted the office of Sen. Conrad Burns, who represents Wallace's home state of Montana, Wallace said.
      ...
      Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella.
      Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that? Am I going to get an insistent knock on my door for even questioning this?

      Tell my wife I love her! AIEEEE!!!
      • Sounds like the Senator's office knew the right people to get the message through to the people who were sharing the files incorrectly. How is this frightening? Many people appeal to their Senators over all kinds of issues where you really need to get through to someone in government who's hell bent on ignoring you.
      • Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella.

        Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that?

        1) Senator calls DOD aide in and says "find where this is being leaked" (hands him copy of secret document
        2) DOD aide makes call to appropriate Army commander (based on the unit(s) referenced in secret doc)
        3) Army commander calls in his IT and BuddyFucker(couin

  • by markana ( 152984 ) on Wednesday July 28, 2004 @03:43PM (#9825092)
    the risks of P2P.... especially publicly exposing security holes.
  • by grub ( 11606 ) <slashdot@grub.net> on Wednesday July 28, 2004 @03:44PM (#9825097) Homepage Journal

    search your favourite P2P network for things like ".XLS". When you find some that are obviously not intended for public viewing then look at the person's shared files for more goodies.

    not that I'd ever do that.
    • Even better, search for .pst and find email, or "My Documents" to find lots of fun files.

      I think the problem is not necessarily better security, but increased user education. Tell people not to "search my hard drive for files to share," to choose what folders are being shared, and to verify periodically what folders/files are shared.

  • I always thought... (Score:5, Interesting)

    by digitalsushi ( 137809 ) * <slashdot@digitalsushi.com> on Wednesday July 28, 2004 @03:44PM (#9825104) Journal
    I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected. Is there any shade of truth of that *at all* in any branch of our military? It certainly sounds like any casual remark anyone might make at the watercooler, but it'd be interesting to hear from someone who's been there.
    • by rpdillon ( 715137 ) * on Wednesday July 28, 2004 @03:49PM (#9825176) Homepage
      You are correct...there is NIPRNET (public internet) and SIPRNET (an entirely seperate, secret and very large network for military). The problem is that sometimes presentation computers are NIPRNET, and sometimes you have to give secret briefs. Or sometimes someone doesn't have SIPRNET set up correctly (its an involved process), so some idiot copies secret files to a floppy. As I said above in my email: SIPRNET computers shouldn't have floppies or zip. No removable media. Oh, and while youre at it, can we ditch all the MS contracts too, and move to something secure?
      This is the case all over, and I got tired of it when I was in the military...the security is not where it should be an no one cares.
    • by PhxBlue ( 562201 ) on Wednesday July 28, 2004 @03:52PM (#9825230) Homepage Journal

      I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected.

      This is true at the base level, but not at the desk level - at least not for most folks. SIPRNET-linked computers, at least at the Standard Systems Group (and DISA, which are both on the same campus), are housed within secure facilities; and computers linked to the NIPRNET (the regular 'Net) are not.

  • Why This Site Exists (Score:3, Interesting)

    by diagnosis ( 38691 ) on Wednesday July 28, 2004 @03:44PM (#9825110) Homepage
    Taken from the web site:

    Why This Site Exists
    Technology often outruns legislation. So is the case with Peer 2 Peer networks. Many people obtain P2P software so they can download music or movies. A large number of those people do not have any idea what they are sharing.

    A few months ago, I downloaded some military briefings from the Gnutella Network. The briefings were zipped and the file contained 21 documents with classifications ranging from For Official Use Only to Secret/NO FORN. Shocked at my discovery, I notified an agency on a nearby military installation. When nothing happened, I notified another agency. I continued this course because no action was taken and for a nation at war, I was concerned for the safety of our soldiers.

    It may appear that I am picking on certain institutions. This is true. I want everyone to know that we can be our own worst enemies when we don't understand the full power of our technology. I want every military and government agency to see first hand what is being shared with anyone who has a computer. Since a picture is worth a thousand words, I can save myself some talking.

    ----------------------
    Freedom or Evil: Freevil.net [freevil.net]
    G. W. Bush says, "You decide!"
  • Oh no... (Score:2, Insightful)

    by ALeavitt ( 636946 )
    This is just going to lead to more cracking down on P2P file sharing, even the legitamate kind. Really, accidentally sharing files only comes from ignorance, obliviousness, or some combination of the two. If you don't know what you're sharing, you shouldn't be using P2P. It's that simple. I guess I just thought it was common sense to keep track of what people have access to on one's computer. It seems that a lot of people lack common sense.

    Oh, and barring any posts while I'm writing this, FP!
    • Crackdown my ass. I bet that nobody in power really cares. Or can really do anything. Nobody owns the internet (too fucking bad for them, isn't it).

      Besides, if you intend to share this stuff, you should be using Freenet anyway. No encryption key = no data.
  • by SteroidMan ( 782859 ) on Wednesday July 28, 2004 @03:45PM (#9825116)
    Yikes! Is he trying to get what little liberties we have left removed? And we thought the RIAA/MPAA were the biggest threat to P2P networks. They have nothing on a peeved military!
  • Place your bets now! (Score:5, Interesting)

    by koganuts ( 526569 ) on Wednesday July 28, 2004 @03:45PM (#9825117)
    It'll be interesting to see how long it'll take before the operator of that weblog is arrested, even though he's trying to prove a point.
  • He's asking for it (Score:3, Insightful)

    by Dukeofshadows ( 607689 ) on Wednesday July 28, 2004 @03:45PM (#9825121) Journal
    Would anyone else be surprised if this site is shut down or sternly repremanded (perhaps quite publicly) within the week?

    His intentions are good, but we all know about that cliche.
  • by whoever57 ( 658626 ) on Wednesday July 28, 2004 @03:47PM (#9825149) Journal
    ... where are the other "raunchy" photos?
  • Absurd (Score:5, Insightful)

    by cephyn ( 461066 ) on Wednesday July 28, 2004 @03:48PM (#9825158) Homepage
    First off, if classified info got to a P2P network, then there was a security breach BEFORE it got there. The p2p network is not the problem.

    Second, if the info isn't classified, why shouldn't it be on p2p? If a jet crashed and there's a picture, and its not classified info, then there's nothing wrong with it being public information, because it IS public information.
    • Re:Absurd (Score:5, Insightful)

      by FerretFrottage ( 714136 ) on Wednesday July 28, 2004 @03:57PM (#9825298)
      If a jet crashed and there's a picture, and its not classified info, then there's nothing wrong with it being public information, because it IS public information.

      Not with the current administration....remember the casket picture incident? They [the pictures] were not classified, but you better not show them to the people.

    • Second, if the info isn't classified, why shouldn't it be on p2p? If a jet crashed and there's a picture, and its not classified info, then there's nothing wrong with it being public information, because it IS public information.

      Good point. In fact, how does he know that all this data was on P2P networks by accident? I hope some of these people shared some of the non-classified data on purpose. Or do we all believe the RIAA's claim that the only purpose of P2P networks is to infringe on copyrights?

    • Re:Absurd (Score:3, Interesting)

      by Mz6 ( 741941 ) *
      Well, your medical history isn't classified, but if someone picked that up and looked through it and posted it on the Internet, you would probably be pretty pissed off and embarassed all at the same time. Not all unclassified information is PUBLIC information.
  • File sharing in the military could be a good thing. Hopefully the RIAA will make the mistake of trying to sue the military for copyright infringment, causing the US military to begin taking out "targets of opportunity" here in the US *cough Mitch Bainwol & Hilary Rosen cough*...
  • by enforcer999 ( 733591 ) on Wednesday July 28, 2004 @03:48PM (#9825167) Journal
    I believe that the problem is not P2P vulnerabilities but the users knowledge of the software and how to secure their own files. What it boils down to consumer education.
  • by EnnTeeDee ( 799496 ) on Wednesday July 28, 2004 @03:50PM (#9825190)

    he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be

    He's right -- P2P networks are used to distribute weapons of mass destruction [britneyspears.com].

  • by Eberlin ( 570874 ) on Wednesday July 28, 2004 @03:50PM (#9825200) Homepage
    This is different from full-disclosure of software vulnerabilities because this is more a human error than anything else. It's not like there's software to be patched...it's a matter of educating the user as to what they're doing wrong.

    The only real problem here is the public disclosure of personal information -- if I were one of the names shown, I'd probably be upset. (of course if this is going on in a widespread fashion, I'd be upset anyway) In the end we can only hope that the "shock value" of presenting these to the public will create enough awareness to minimize the problem.

    Otherwise we can all watch as the spinsters pull another argument for their "p2p is evil" campaign.
  • Not sure what he is advocating/saying, other than probably whining, but its interesting to see the guy has his own censorship ....leaves me speechless
  • Office LAN (Score:2, Interesting)

    by jekewa ( 751500 )
    I once consulted at a place where someone thought to bring some questionable P2P software in to "bring his music software to the office." He ran the same software on his home PC where he did have a collection of ripped CDs, as well as previously P2P downloaded music and videos.

    He was not cautious about his setup, and I very quickly showed him how I could basically browse his entire computer hard drive, and (granted with a little hands-on) very quicky map every network resource his system had access to. I

  • because you know nobody messes with anybody on those networks. Case in point download a video that's got a filename "brittney_spears_lez_nasty_anal_horse_beast.mpg" if you take off your glasses and squint you can tell it's really her behind the thick german accent.
  • by cyberlotnet ( 182742 ) on Wednesday July 28, 2004 @03:53PM (#9825242) Homepage Journal
    Did you read http://www.seewhatyoushare.com/2004/07/why-this-si te-exists.html

    He made valid and physical attempts to inform the proper people about the issues and he saw no response, no action, he was basically ignored.

    Well I bet they are taking notice now.. I would like to see every single person he talked to in the military that did Nothing up on military charges and kicked out of the military with nothing.

    No better yet a true example should be set and they should end up in prison for threating the security of our nation.
    • Take a look even further, He even took the time to blank out possible "important" data.. Nothing at all on his website reveals any important information at all.

      He has done his best to both protect while providing enough information to maybe just maybe wake someone in washington up.
    • It seems possible that the reason the military did not respond is because the information on the P2P networks was misinformation that the military hoped would fall into the hands of the enemy. If I'd put misinformation on a P2P network, I a) wouldn't want to admit that is was misinformation and b) wouldn't want to lie to the american public and say it was a security hole.
  • I kinda hope someone will bother to talk to Capt Farnham about failure to properly handle FOUO and Privacy Act data before his commander gets wind of it.

  • Surprising (Score:5, Interesting)

    by Quila ( 201335 ) on Wednesday July 28, 2004 @03:58PM (#9825300)
    In the extremely large military network I worked on, all P2P ports were blocked (the rule was deny all, allow by exception) and the IDS was tweaked to catch anyone who fiddled with the ports to get around that. The security guys were not nice to people they caught.

    I guess some areas of the military just aren't set up that well.
  • by canter ( 43098 ) on Wednesday July 28, 2004 @03:58PM (#9825308)
    It sure seems like Joan is a Harley Davidson freak. It looks like she's completely outfitted for a week of sun and fun..

    Leather Jacket.. Check
    Swim Suit.. Check
    Necklace.. Check
    Gold dress.. Check
    Bras.. Check
    Shoes.. Check
    Panties.. Umm. hmm. Not Check.

    I think I'm in love.
  • by 2Wrongs ( 627651 ) on Wednesday July 28, 2004 @04:00PM (#9825340)

    Finally a slashdot article I can comment on knowledgably.

    I'm an officer in the US Army and on a casual glance through the file list there's nothing on there that's classified. You can look up most of these manuals on google.

    Here's a site that lists a couple: US Army Fields Manuals [globalsecurity.org] Not hugely helpful unless you have training and equipment, but I guess if I were a (bored) terrorist, I'd read em.

    • by Mz6 ( 741941 ) * on Wednesday July 28, 2004 @04:33PM (#9825657) Journal
      As I've stated previously on here...

      I'm sorry to say but it's NOT public knowledge to list what classification level service members have. This guy posted a document with several service member's names AND classification levels. Not only this it lists the base they are stationed at and their names and ranks. He was nice enough to blur out their SSN though...

  • Well (Score:4, Insightful)

    by XeRXeS-TCN ( 788834 ) on Wednesday July 28, 2004 @04:22PM (#9825551)

    You can't really argue that this is likely to give people ideas and hurt the country, because while it's not a very obvious course, it's highly unlikely that he's the first person who's ever thought of looking for sensitive documents on p2p networks. To say that it's "helping the bad guys" is being naive and underestimating the intelligence gathering skills of the 'enemy'.

    To quote the most famous example of terrorism against the United States, if a terrorist organisation is coordinated enough to slip various teams with weapons onto several seperate aircraft, and crash those planes into US buildings, I wouldn't say searching internet resources (be they web or p2p) for sensitive information that has been leaked or poorly secured is beyond them, by any stretch of the imagination.

    It's also similar to the "Deceptive Duo", who were Americans who hacked military websites and defaced them with screenshots of personnel databases, under the flag of 'patriotism'; in an attempt to make the military realise the importance of security within their systems. The difference being of course that they intentionally penetrated military networks to achieve this, and used uncensored screenshots of databases, revealing private information on government personnel. As such they were arrested for it.

    This site hasn't gone so far as to display any critical security data, or illegally access any systems. I have seen and heard of many examples where a hacker has warned a sysadmin on several occasions about the dangers of vulnerabilities in a network, only to be ignored until finally the site ended up being defaced, so I can understand his impatience to some extent. The next person to run off and harvest this information might not be so eager to censor what they consider to be personal data.

    There might be an influx of curious people running off to p2p networks to see what they can turn up, but I really don't see this as too much of a concern in the grand scheme of things; what security risk does a 14 year old kid who wants to look cool pose? It's not information that anyone particularly wants public, but in the hands of the average private citizen, it's not drastically critical. A US citizen could probably get a fair few details from public records, or socially engineer contact details out of people. But any "terrorist" who would have been intelligence gathering has more than likely done this sort of activity already.

    It's not the easiest problem to rectify though, without some sort of drastic overhaul in the system, and some method of securing or blocking p2p systems across all military computers, which would be a rather hard thing to enforce, and would annoy many soldiers who are used to using these systems. But of course, national security has to come first. If nothing else, an explanation of the importance of not sharing entire drives would be a start.

  • by raytracer ( 51035 ) on Wednesday July 28, 2004 @04:53PM (#9825823)

    What I find really funny is just what a threat a paranoid public is to liberty and freedom of all Americans.

    I'm frankly somewhat comforted by the fact that we have pictures coming out of Iraq that have not been filtered through the military censors and government spin doctors. I think it's good that we find out about Abu Ghraib. There is a fine line between keeping information secret to promote security and keeping information secret to deny culpability.

    You can't put the genie back in the bottle: people want digital cameras, internets and camera phones. People will take pictures of things and share them with others. For the most part, I think more is gained than more is lost. The worst thing that can happen is for people to lose sight of what their government and military are doing. Are some images disturbing? Yes. Do they force us to uncomfortable conclusions about our government? Probably. But what is the alternative: to go on as if such things simply didn't happen? I hope we are braver than that.

  • by 0x0d0a ( 568518 ) on Wednesday July 28, 2004 @04:56PM (#9825854) Journal
    Mr. Wallace has an interesting point -- stuff is being accidentally shared that people would probably prefer not to be shared. This is interesting. However, I do not agree with his conclusion, that "legislation has not caught up with the P2P world". All P2P does is enable data to be transferred -- people have been accidentally sharing data for a long time. I remember when an journalist (I believe it was Adam Engst, of TidBITS) wrote an article about how he accidentally placed some pictures of himself that he didn't want made public in a directory with an unusual name on a webserver. They were eventually accidentally made public. This is certainly not a problem inherent to P2P systems -- it can be done on any system that allows data transfer, and on any system that is worldwide and allows anyone to provide data (such as P2P networks or the Web), it is quite certain that accidental distribution of data will happen.

    Now, I can agree that some P2P apps could use some revision. P2P apps should not scan the entire hard drive for files -- they really need a "shared" directory to be designated, even if it requires the user to do some extra work. But this is a software user interface issue, not a legal issue that requires legislative intervention, as Mr. Wallace seems to feel.

    There is certainly nothing of particular significance to P2P when it comes to potential data leaks. Client-server models can allow just as much a problem.
  • by Doc Ruby ( 173196 ) on Wednesday July 28, 2004 @05:21PM (#9826078) Homepage Journal
    These leaks are exactly why the "old media", and the politics (Republican, Democrat, Libertarian, you name it) they protect, fear P2P technology so much. Their power, and the profiteering it perpetuates, depends on their central control of the "official truth". One of the mechanisms that accelerated the demise of the Soviet Union was the spread of fax machines in Eastern Europe, which made Pravda ("Truth") too complicated to manage in the minds of the people it oppressed. Now the more nuanced American media control is threatened by more advanced technology, and regime change is in the air.

    P2P has some disadvantages, like level of confidence in the content. But that can be mitigated by evolution of the same technology, with corroboration amid complex webs of trust. But the leaks of actual recordings of repellant acts make it much harder for their actors to pretend they're anything but trouble. Cameraphones for peace!
  • by jdun ( 310373 ) on Wednesday July 28, 2004 @09:55PM (#9827844)
    The guy is stupid. Not only does he not know anything about the US military or the regular GI do with their spare times. I do not know if those list are real or fake but the image is nothing to worry about. Most enlisted don't know jack about what the higher echelon is doing until the finial phase. Case in point: My friend got a notice to ship out. He had a one-day notice. No one on the ship except the Captain and his XO know in advance of what was going on. My friend doesn't even know when he will come back. It wasn't a special mission or anything. In fact when he got back home, he told us that they just ran around in circle for ten days doing nothing. This is just a small example of how the military works. The US military don't think like regular civilian.

    On the pictures issue, if you go to any gun or military website forum, you will see a lot of pictures that were taken by GIs all over the world, from combats to RR. There are in fact millions of pictures floating around websites that show those kinds of pictures. You don't need P2P to find out. GIs have their own website, units have their website, and God know how many other military related website on the web that show those kind of pictures.

    Here is an unit with their website and images. Some of the pictures are from Iraq. I found some of them enjoyable.
    http://www.strykernews.com/gallery/out laws?page=1

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...