BitTorrent and P2P Banned in Antartica
Employees of the United States Antarctic Program (USAP) received a security alert today, warning them about the threats that BitTorrent and other P2P applications pose to them and the USAP. Aside from eating up precious bandwidth, these applications are bound to install viruses and keystroke loggers.
“This is why we shouldn’t use P2P in Antarctica,” an USAP employee wrote us, adding “The gist I got from it was ‘because you are all too dumb to use a computer correctly.’ At least the plans for my secret uranium mine won’t leak out while I’m down here freezing my ass off.”
Indeed, P2P applications are not the real threat, its users are. If someone is stupid enough to put confidential information in their shared folder, he or she is likely to make even worse mistakes.
Below we pasted the full and uncensored security alert that was sent out to the USAP employees earlier today.
Information Security Awareness Monthly Topic: P2P, the USAP, and you
Imagine this scenario. A USAP participant on the Ice wants to get a copy of a popular new game. The user decides to download a copy from Morpheus, which another user has uploaded in the form of a ZIP file. The user eats up a bunch of satellite bandwidth by downloading this file. Then, he opens up the ZIP file and runs the Setup.exe program to install the game. However, the .exe file doesn’t invoke a setup routine. Instead, it’s a virus that starts propagating itself on the network. Or perhaps it installs the game, but it also secretly installs keystroke capturing software that e-mails keystrokes. Do those examples sound far-fetched? In fact, they are both very real threats to the USAP and to your personal information.
From the USAP Enterprise Rules of Behavior, “Use of USAP information resources to participate in Internet-based gaming, peer to peer networking, or streaming media usage activities is prohibited”.
There are many different Peer-to-Peer (P2P) applications: BitTorrent, LimeWire, Gnutella, and KaZaa to name a few more popular ones. Some are used to download legitimate software and media, some illegitimate. None of them are permitted on the USAP enterprise network for both bandwidth and security concerns. P2P applications have the potential to overwhelm the internet connections on the Ice and inadvertently bring malicious software and traffic into the network.
A recent article in ComputerWorld magazine included the following highlights. “Details about a U.S. Secret Service safe house for the First Family — to be used in a national emergency — were found to have leaked out on a LimeWire file-sharing network recently “ … “ Also unearthed on LimeWire networks in recent days were presidential motorcade routes and a sensitive but unclassified document listing details on every nuclear facility in the country.” The leaks likely came from a White House employee’s computer that was running LimeWire to download music, and the software ended up sharing out lots of other documents that were on the user’s system.
While no one on the USAP network should have presidential safe houses lists on their desktop, it shows how easily otherwise sensitive files can be made available to the P2P networks and the rest of the world.
In short, while on the USAP network be sure to disable or uninstall P2P clients from your machine, or to be safe just never use them in the first place.
Dennis L Gitt
Director, Information Technology and Communications
[...] podaje serwis FreakBits, wczoraj uczestnicy Ameryka?skiego Programu Antarktycznego (USAP) otrzymali wiadomo?? [...]