JuiceAPac - Update: Strike Fighter data was leaked on P2P network in 2005, security expert says

Update: Strike Fighter data was leaked on P2P network in 2005, security expert says

Data on the Pentagon's Joint Strike Fighter aircraft that was recently reported as being illegally accessed by foreign cyberspies has been available for more than four years on a peer-to-peer file-sharing network, the CEO of a software vendor said at a legislative hearing today.

The Wall Street Journal last month reported that hackers -- possibly based in China -- had broken into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the $300 billion stealth fighter currently under development.

But Robert Boback, CEO of Tiversa Inc., a Cranberry Township, Pa.-based P2P monitoring services provider, said the company discovered the data on a file-sharing peer-to-peer network in January 2005 and reported it to the Defense Department and other federal authorities at that time.

The Defense Department could not immediately be reached for comment.

Boback was testifying at a hearing held today by a subcommittee of the House Committee on Energy and Commerce headed by U.S. Rep. Henry Waxman (D-Calif.) to discuss two new bills, one of which relates to P2P file sharing.

According to a company spokesman, the data on the Joint Strike Fighter was leaked from computers belonging to a defense contractor. At that point, the data was "not seen in China" but was disclosed from computers located in the state of Georgia and another computer in Ireland, the spokesman said via e-mail.

It was not immediately clear whether the data that was being referenced at the hearing today was the same data that the Journal reported as being stolen. According to the Journal, the compromised files were related to the design of the Joint Strike Fighter and its electronics systems and could be used to help defend against the jet. However, no sensitive files were compromised in the DOD break-in, according to the Journal.

The intrusions that were reported by the Journal were believed to date back to 2007. Boback's testimony makes it clear that data on the Joint Strike Fighter project has been available for at least two years before that.

This is not the first time Boback's company has reported discovering sensitive and confidential information on P2P networks. In March, Tiversa disclosed that it had discovered data about the communications, navigation and management electronics on Marine One, the helicopter now used by President Barack Obama, in a publicly available shared folder on a computer in Tehran, Iran. The data was apparently being accidentally leaked over a peer-to-peer file sharing network last summer, according to the company.

Two years ago, at a similar legislative hearing, Boback testified about how his company had discovered millions of documents, both governmental and private, containing sensitive and sometimes classified information on file-sharing networks after being inadvertently exposed by individuals downloading P2P software on their computers.