Robert Boback, CEO of P2P monitoring company Tiversa, which discovered the leak, told SCMagazineUS.com Monday that the downloaded file contains a detailed analysis of the anti-missile defense mechanisms used on Marine One.
“Clearly the security measures of Marine One are classified,” Boback said. “The only reason this document wasn't marked classified is because it was in draft format.”
The file also contains communications between the U.S. Department of Defense (DoD) and the Navy regarding the upgrade of the avionics and computer packages of Marine One, he said. Additionally, the file contains the general design of the helicopter and information on the wiring and the inner workings of its computer system.
The file was originally found by Tiversa in the fall of 2008. It was inadvertently leaked by a military defense contractor based in Bethesda, Md., Boback said. One of its employee's computer systems was running a file-sharing program linking the sensitive information about Marine One.
P2P networks most commonly are used for music sharing, but some people don't realize that once a P2P network is downloaded, it opens up a user's hard drive to others, he said.
“It depends on the [P2P] program, but most of the programs index all of the content on the user's hard drive,” Boback said.
When the documents were discovered in the fall of 2008, Tiversa worked with the DoD and the White House to get the file taken down and analyzed. But on Feb. 25, during regular monitoring, Tiversa discovered the same file being hosted by an Iranian IP address.
This means that someone in Iran downloaded the file off the P2P network while it was still available, and is now hosting it from their IP address in Iran, Boback said. Because Iran typically does not respect IP takedown notices, the file remains on the P2P network.
“Once it's in another jurisdiction, such as Iran, there's not much that we can do,” Boback said.
The White House did not respond immediately for comment.
Avivah Litan, distinguished analyst at Gartner, told SCMagazineUS.com Monday that P2P networks contain a vast amount of sensitive information -- corporate secrets, tax returns and personal data, for instance.
Litan said companies must take a multilayered approach to combat this threat.
Enterprises should block P2P software and traffic with more than just a firewall policy -- by using network-based intrusion prevention systems or secure web gateway products, she said. Additionally, companies should consider deploying data loss prevention technology or P2P monitoring, and, crucially, encrypting sensitive documents.
“Corporations think they've got it under control, but when people go home and plug in USB drives and work out of hotel rooms there's no control over what gets loaded on that hard drive,” Litan said. “If people aren't careful, their whole hard drive is exposed.”
In early February, Dartmouth College business professor Eric Johnson released a report that detailed the findings of a two-week study monitoring P2P networks for sensitive health-care documents. In all, researchers found hundreds of documents revealing sensitive information on tens of thousands of patients.