
Downloading shared files threatens security

Army News Service

Release Date: 4/22/2004

By Sgt. 1st Class Eric Hortin

FORT HUACHUCA, Ariz. (Army News Service, April 22, 2004) - People spend hours in front of their computer screens, downloading music or new movies from the Internet without paying a cent. The Army considers such action on government computers to be a security threat.

One program that is used to download files is Peer-to-Peer (P2P) architecture. It is a type of network in which each workstation has the capability to function as both a client and a server. It allows any computer running specific applications to share files and access devices with any other computer running on the same network without the need for a separate server. Most P2P applications allow the user to configure the sharing of specific directories, drives or devices.

A white paper written by the Army's Computer Network Operations Intelligence section states that unauthorized P2P applications on government systems "represent a threat to network security."

"The idea of someone else getting unfettered access to anything of yours without your explicit consent should scare anybody - and that's exactly what P2P authorizes," says Zina Justiniano, an intelligence analyst with the U.S. Army Network Enterprise Technology Command's (NETCOM) Intelligence Division, G2. "P2P is freeware. Freeware, shareware - most of the stuff that you pay nothing for, has a high price. The fact that it's free says that anybody and their cousin can get it; that means that anybody and their cousin can get to your machine."

P2P applications are configured to use specific ports to communicate within the file sharing "network," sometimes sidestepping firewalls. This circumvention creates a compromise and potential vulnerabilities in the network that, in a worst-case scenario, can lead to network intrusions, data compromise, or the introduction of illegal material and pornography.

There is also the issue of bandwidth. Since the start of the global war on terrorism, the most pressing issue from service members in the field has been the shortage of bandwidth to transmit battlefield intelligence to combatant commanders. The average four-minute song converted into an audio file recorded at 128-bit can be upwards of 5 megabytes. Full-length video MPEG files can easily reach 1.6 gigabytes. Depending on the connection speed, even a small file may take several minutes to hours to download, using valuable bandwidth.

Unauthorized use of P2P applications accounts for significant bandwidth consumption. It limits the bandwidth required for official business and the storage capacity on government systems.

While those who monitor the Army networks agree that copyright infringement is a valid issue, they do have other, more important concerns.

There are several known Trojan horses, worms and viruses that use commercial P2P networks to spread and create more opportunities for hackers to attack systems. Trojan horse applications record information and transmit it to an outside source. They can also install "backdoors" on operating systems and transmit credit card numbers and passwords - making these malicious programs a favorite of hackers. Some of the malicious code allows hackers to snoop for passwords, disables antivirus and firewall software, and links the infected system to P2P networks to send large amounts of information (spam) using vulnerabilities in Windows operating systems.

"If it's a really good Trojan horse, it will actually run two programs; it will run the program they said they were going to run, so they will not only download it, but they will install it and be very happy that it's there," Justiniano said. "Meanwhile in the background, another program is doing malicious damage to the computer by either damaging files or possibly taking files off the computer without your knowledge. If it's a really nice program that runs well, (the user) will pass that file over to someone else because they really got their money's worth out of it. People will just keep passing it along."

Trojan horses are not the cause of all security issues. Oftentimes, "spyware" applications are installed with the user's consent; it's buried in the really long agreement that nobody reads, where a user must click "I Accept" in order to begin the installation. This is especially true with freeware applications downloaded from the Internet. According to published reports, a couple of years ago, some P2P applications came packaged with a spyware application that acted as a Trojan horse. This specific program sent information to an online lottery server.

Those are just a couple of reasons the Army doesn't want its people loading P2P on their systems, and enacted regulations prohibiting loading those applications.

The Army's regulation on Information Assurance, Army Regulation 25-2, specifically prohibits certain activities; sharing files by means of P2P applications being one of them. There are some, however, who have P2P applications on their Army systems and use them despite the prohibition of such activities.

Over a two-month period at the end of last year, government organizations identified more than 420 suspected P2P sessions on Army systems in more than 30 locations around the globe.

It seems some don't understand or haven't read the standard Department of Defense warning that says, "Use of this DOD computer system, authorized or unauthorized, constitutes consent to monitoring." For those who think, "How are they going to know it's me? I'm just one person in a network of hundreds of thousands," don't be surprised when network access is cut off and the brigade commander is calling.

It is the role of the Theater Network Operations and Security Center, located in Fort Huachuca, Ariz., to monitor and defend its portion of the Army network. This includes identifying potential security risks to the network, and unauthorized P2P applications, which create a considerable risk to those networks.

"People shouldn't assume they are using P2P applications in secrecy," said Ronald Stewart, deputy director of the C-TNOSC. "We are able to detect use of P2P, and when we do, we take measures. We can detect and identify systems with P2P software on them; and when we find them, we direct the removal of the software from the system through the command chain."

Some Soldiers try to work around the Army networks to feed their P2P habits. Lt. Col. Roberto Andujar, director of the C-TNOSC, says using the Terminal Server Access Controller System (TSACS) to dial into the military network is not a work-around, because there are tools in place to identify P2P traffic.

Methods commonly used by commercial industry, such as Internet Protocol (IP) address and port blocking, random monitoring, and configuring routers, are some of the measures the C-TNOSC and installations take to prevent P2P access. There are other methods used, but specific examples cannot be discussed.

Commanders who unwittingly allow P2P to run unchecked on their networks are not exempt from liability. Commanders may be held personally liable for any illegal possession, storage, copying, or distribution of copyrighted materials that occurs on their networks. Soldiers, civilian employees and contractors face even tougher penalties.

People using P2P on government computers can look forward to other, possibly harsher, punishments depending on the kinds of files the users are sharing.

"Say you have a Soldier downloading music through P2P, in violation of copyright rules," said Tom King, a legal adviser with NETCOM. "The people who own the copyright can actually sue that Soldier. Then you have the issue that he's violating a lawful order. Then you have the issue that it's a misuse of government time and misuse of a government resource. He can be in a world of hurt. Then he's also exposing the Army network to hacking attacks."

"Prosecutions are on the rise. Discipline is on the rise. People are taking this stuff more and more seriously all the time," King said. "People just don't understand that there's a price to be paid for this."

Not understanding seems to be the main reason P2P applications keep showing up on Army computer systems.

"User education is one of the keys," said Kathy Buonocore, chief of the Regional Computer Emergency Response Team. "Some users don't know it's illegal."

"When I call some commanders and tell them, they say, 'What's P2P?'" Andujar said. "Commanders have to be educated and take action."

Education has to extend down to the organization administrators. Justiniano says those who have administrator privileges on government computer systems are the ones loading the unauthorized programs. To prevent this, system and network administrators should configure systems correctly, so users cannot install unauthorized software.

"There are very few benefits that are not addressed somewhere else, that do not include the risk of P2P software," Justiniano said, adding that Army Knowledge Online knowledge centers and secure File Transfer Protocol sites are their preferred methods of file sharing.

(Editor's note: Sgt. 1st Class Eric Hortin is a journalist for the U.S. Army Network Enterprise Technology Command.)


