Tuesday, December 02, 2008

Leaked U.S. Army Files Highlight Dangers of Peer-To-Peer

Via The Wall Street Journal.

Organizations that have suffered data breaches usually rush to plug technology or policy holes that led to the loss of information, but trying to retrieve data that has already leaked can be a difficult task.

Consider the case of an apparent data breach of Army soldiers’ names and personal information, the details of which were described in an August letter sent by then Sen. Joseph Biden to Pete Geren, secretary of the Army. The letter, which has been reviewed by The Wall Street Journal, mentions “files containing the personal identifying information of nearly 24,000 U.S. soldiers” that became publicly accessible through a so-called peer-to-peer network. “The files include full names and social security numbers” of the soldiers, the letter says.

The Army wouldn’t confirm or deny the existence of the files, and said it doesn’t comment on ongoing investigations or incidents. A spokeswoman replied in an email that the Army has taken steps in recent months to boost its security. However, there’s little it can do about information on computers the government doesn’t control; in that situation, “the Army can only ask the owner of a public site to remove the information,” she says in the email.

In this case the files—spreadsheets that appear to be lists of soldiers due for promotion—made their way to a peer-to-peer file-trading network, which lets people connect their computers directly to one another. People most commonly use these networks—examples include Limewire and BitTorrent—to swap music files or videos.

More here.


Post a Comment

<< Home