WikiLeaks incidents stoke IT security angst

Lack of security controls and processes can make corporate IT vulnerable to the leaking of sensitive data to sites like WikiLeaks

By , Computerworld |  Security, Wikileaks

WikiLeaks' continued posting of classified U.S. Department of State cables, and the whistleblower Web site's revelation that it will soon post sensitive internal documents from a major U.S. bank , has stoked data security concerns among governments and large businesses around the world.

[ See also: WikiLeaks signs its own death warrant with threat to businesses ]

WikiLeaks has not disclosed how it obtained tens of thousands of State Department cables or the bank documents that it claims to hold.

However, a relatively low-level U.S. Army intelligence officer, charged in an earlier leak of classified documents to WikiLeaks, is suspected in leaking the State Department data to the site.

Private First Class Bradley E. Manning also claims to have illegally accessed and downloaded the State Department cables while stationed at a military base in Baghdad. Bradley was arrested earlier this year, after a former hacker he had confided in turned him into authorities.

In a security pro's online conversations with the ex-hacker, Adrian Lamo , details of which were published on Wired.com earlier this year, Manning is alleged to have boasted about the "unprecedented access" he had to classified networks for up to 14 hours a day.

Manning allegedly claimed to have had Top Secret clearance to access SIPRNET, a classified network used by the Department of Defense and the State Department, and to the Joint Worldwide Intelligence Communications System used by the two agencies for Top Secret/Sensitive Compartmentalized Information.

Even with his top secret clearance, the apparent fact that Manning was so easily able to pull off one of the largest data leaks ever, indicates serious security problems, said Tim O'Pry, CTO at the Henssler Financial Group in Kennesaw, Ga.

O'Pry, a former U.S. Air Force cryptanalyst stationed at the National Security Agency, said that based on available information, "the systems simply were poorly designed to maintain and control the information."

Manning's access to a significant amount of information showed that access to the highly classified networks was not controlled on a need-to-know basis, he said.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness