Mark's Blog

I have to admit I watch the coverage of the latest wikileaks incident with interest. I find it unbelievable that any one person could have gathered this much information from a secret network and then be able to copy if off and walk away with it from a secure location. This is a huge amount of data when you consider the Afghanistan files, the Iraq files and the state department cables.

Basic security measures do not seem to be in place or at least weren’t at the time of the theft. What possible valid reason could there be for an army private to have access to all this state department related data? It appears that the data he collected in many cases wasn’t in any way related to his duties. Where is the basic access control to the data? Where is the oversight from his superior? Surely it would make sense for his superior to be sent a report of everything this analyst was accessing? Why is there no security analysis flagging up how much information this low level individual was accessing? I would have expected some sort of automated log file analysis to flag this unusual usage. Now I know no technical detail of US secret network(I mean how could I being a Brit) but I suspect it will encrypt traffic and run on totally separate and private network, so why put all this level of technical measures when you don’t do the basics of ensuring that people have appropriate access to information.

Then the next point is where is the physical security? This is an army base and a room with access to a secret network, so even when you consider how insecure the access to data is, its just as bad that physical security failed. I can’t believe that the USB ports were left enabled on the terminal that was allegedly used to download the data. Furthermore I can’t believe there was access to a CD/DVD Burner that was so accessible. It then beggars belief that the person alleged to have downloaded the data was able to walk in and out of an area with access to a secret network with a USB and a writeable CD without being stopped.

I suspect before this is over there will be a lot of lessons learned and these measures will be addressed but that’s not exactly a process that can be completed overnight. Additionally I suspect governments and corporations world wide are now starting to think how exactly can we stop our private data being passed to wikileaks? I would be very surprised if there is not more legislation worldwide covering data theft and copyright, although I do hope that this balances the fact there are times when whistle-blowers are needed.

My main concern about these leaks is that it has endangered people around the globe who are named as having helped Americans world wide. Was there any need to publish the documents directly onto the internet why not just pass them to media organisations to extract the informative information without endangering the lives of others. I am really not convinced with the latest release of embassy communications, I don’t so far see any overwhelming public interest. At best there was some slight naughtiness to monitor and spy on UN officials and other foreign dignitaries but I bet that all countries do the same to some extent. The rest just seems to be little more than gossip. The earlier releases of Afghan and Iraq war files there was some disturbing evidence of war crimes and atrocities committed that I really hope are followed up on. War crimes can never be accepted or tolerated and if we expect others to treat us with respect we need to do the same in return.

I do have some other thoughts on wikileaks and its current direction but I will leave those for another post.

Sorry, but comments are closed. Check out another post and speak up!