Share


Share

Share it !



share/bookmark

How Can WikiLeaks Occur in the First Place?


Julian Assange, the assailed WikiLeaks publisher, was allegedly supplied with a huge quantity of sensitive information which is now showing up on the infamous WikiLeaks website compliments of a private first class in the Army. Uncle Sam is screaming foul. Most people are scratching their heads trying to figure out how such a thing could happen.

The real truth is that we likely did it to ourselves. There is a full range of possibilities but a PFC isn't likely to have broad access to a large cross-section of secret information. The application of flawed network security policies, however, probably made it possible for Pvt. Bradley Manning to allegedly gain access to the information now appearing in Wikileaks.

You may recall that after Al Qaeda's attack on September 11, 2001 an investigation was launched. One of the findings was that U.S. intelligence information was too "stove piped". The criticism was that each agency with a security function gathered and guarded its own information rather than sharing it with other agencies. Efforts to tear down the walls among agencies were implemented. Intelligence agencies were told to distribute their information. The very office of the Director of National Intelligence was created to ensure giving out information among agencies.

The groundwork was laid for massive security leaks to happen, especially the loss of information that is stored in electronic databases. Computer operating systems have network security settings associated with them. These are known as "policies" and they determine who has authorization to what specific information. The principle of "need to know" is generally applied. That is, if a person is without the need to know the information, he or she is denied access to it. Each employee would have differing levels of access to sensitive information.

The U.S. State Department sent over the information it was told to send over to the Defense Department. Did the State Department set the security policies to be applied to DoD? It's unlikely. Would the information to which the PFC gained access ideally be controlled by the need to know principle? Yes, but the information arriving at DoD was unlikely supported by strong network security policies as to "who" within DoD could have access.

On the other side of the coin the DoD was likely without the resources needed to establish fine granular network security policies for control on each and every sensitive piece of information arriving from the State Department. The forced sharing of information between multiple agencies would likely increase vulnerabilities and produce system failures.

A PFC might very well have been able to download and review information if robust network security policies were absent. Any efforts by multiple agencies to match up sensitive information and establish need to know policies would be extremely difficult and time consuming. Couple this basic fact with the apparent desire on behalf of the perpetrators to harm America and we have a recipe for disaster.

The real enabler may have been our own ill-configured network security policy settings and the likes of Julian Assange who is allegedly linked to the globalist organization Open Society.




G. Rodriguez is a computer security specialist who occasionally writes articles that are used by various web sites.

Learn more about information security by downloading Computer Security Glossary's FREE eBook, "How to Security Your Computer". Just access the web site, http://www.computer-security-glossary.org and select the FREE eBook link.