A recent breach involved a U.S. Army Special Forces document containing the names, Social Security numbers, home phone numbers and home addresses of 463 soldiers from the Third Special Forces group, based out of Fort Bragg, N.C. The document also contained names and ages of soldiers’ spouses and children.
The document was discovered in connection with a Congressional move to address the continuing risk of data leaks on peer-to-peer (P2P) networks. The U.S. House Committee on Oversight and Government Reform is drafting legislation and contracted with a file-sharing monitoring company to examine the scope of the problem.
Through its research, the firm, Tiversa, turned up the document among 240 others belonging to federal government agencies and military branches, all sitting on P2P networks.
The threat posed by P2P networks initially was discussed in a July committee hearing, after which Chairman Rep. Edolphus Towns, D-N.Y., announced his intention to propose a bill that would ban P2P software on government and contractor computers and networks.
During the past month, Tiversa found sensitive documents belonging to multiple government agencies and military branches, Robert Boback, CEO of Tiversa, told SCMagazineUS.com on Friday. P2P networks, commonly used for music sharing, often result in inadvertent file leaks because, once downloaded, these programs often open up all the contents of a user’s hard drive to others by default.
Tiversa originally identified the document last fall on the file-sharing network Gnutella and notified Army investigators. Then, in May, the document was downloaded by someone with an IP address in Pakistan, and Boback notified authorities.
In addition, Army master sergeant promotion lists for 2005, 2007, 2008 were discovered on P2P networks, Boback said. In total, these documents contained the personal information of about 60,000 Army master sergeants, including their names, birth dates, Social Security numbers, blood types and assignments.
“Though the Army has regulations and procedures to mitigate the release of PII (personally identifiable information), the continued appearance of PII regarding Army soldiers on the internet is troubling,” Gary Tallman, an Army spokesman, told SCMagazineUS.com in an email on Friday. “It underscores that leaders at all levels need to remain vigilant to enforce standards regarding this.”
Boback said both the Special Forces document and the other files involving Army master sergeants are still available on P2P networks.
He added that once a document is leaked on a P2P network, it can be downloaded by numerous individuals, making it difficult to remove entirely.
In a July hearing of the House Committee on Oversight and Government Reform committee, it was revealed that a U.S. Secret Service document, which detailed how the first lady would be transported if the White House were evacuated, was leaked on a P2P network. In addition, someone discovered a document over a file-sharing network that contained the location of every nuclear facility in the United States.