Soldiers' data stolen, exploiting P2P tech

A private firm that monitors cybersecurity has discovered a stunning number of breaches, as the personal data of tens of thousands of U.S. soldiers continues to be downloaded by unauthorized users around the globe. Tiversa, which scours the Internet for sensitive data, discovered the data breaches while conducting research for private clients. The data was spotted as far away as Pakistan and China.

The company made its discovery by using "peer-to-peer" file-sharing software, which can be easily downloaded on the Internet. Many computer users do not realize that it can make the contents of their computers available to other file-sharers.

Rep. Edolphus Towns (D-NY), chairman of the House Oversight and Government Reform Committee, found out about the data breach from Tiversa, and is now drafting legislation to address the problems raised by P2P technology. "What is striking about these file-sharing leaks is that these aren't one-time events. Once this software is installed and files are leaked, the leaking is continuous," said Towns.

This widespread practice of P2P software should be a cautionary tale for every federal agency, and quite possibly could prompt them to ban P2P activities right now. The Army has tried to ban P2P software before, but apparently unsuccessfully. In 2003, it instituted policies barring use of the software. The Pentagon did the same in 2004 and so did defense contractors. But critics say the policies often are not enforced.

"These guys are operating behind lines, and they are absolutely in the deepest part of the fight," James Mulvenon, vice president of the intelligence division at Defense Group, a security consulting firm, told the Washington Post. "The fact that the documents have the names and addresses of the families and all the pressures that could be put to bear on them, it's a nightmare."

For more on P2P vulnerabilities:
- see this Washington Post article
 
Related Article:
Army keeps soldiers from using new IT