
How to Fix a Leaking Wiki

December 6, 2010

While Julian Assange and WikiLeaks continue to make global headlines for posting sensitive government documentation, I find it interesting that not too many outlets are focusing on one of the key questions that hasn’t yet fully been addressed: How did this happen?

How is it that hundreds of thousands of classified documents, now being published to the entire world, were <allegedly>downloaded by a single rogue Private in the U.S. Army</allegedly>? How was a relatively low-level intelligence analyst able to access such sensitive data? How were the documents removed without being detected, and how could the US Government not have known that they had been taken by an unauthorized individual? Could it all just be a GIANT GOVERNMENT CONSPIRACY?!? (judgmentally pointing a hand and doggedly wagging a finger in the direction of Washington, DC...)

Well, for all you lone wolf folks out there who are waiting in the wings to discover that Pfc. Bradley Manning is just another in a long line of government-sponsored patsies tracing back to Lee Harvey Oswald, I hate to disappoint you, but the answer is… probably not. Access controls, or rather the lack of good ones, are one of the key ways people surreptitiously remove critical business data (including those 250k+ classified files) from otherwise secure networks. In the case of the WikiLeaks data we may never know the whole truth, and not for lack of the government trying: there will be an investigation, but I'm guessing we'll never get the complete story, because two problems most likely existed at once. The first is a lack of appropriate controls, in the form of overly permissive ACLs that gave the alleged perpetrator access to far more information than his job required. The second is a lack of sufficient monitoring around those controls to track who does what with the access they have. Without that second piece, the powers that be probably have no way of knowing precisely how this happened, because nothing recorded it.

So, how then to plug the hole and fix a leaking Wiki? In terms of how government agencies and large enterprises can ensure that this sort of breach doesn't happen to them, the steps follow from the two problems above: scope the ACLs to what each person actually needs, and watch how the access that remains is used. The second step is the harder one. One of the biggest problems with data loss isn't that organizations don't have the tools in place, but that the sheer volume of data those tools produce makes it difficult to spot the important bits. Often there is also no easy way to correlate events taken from multiple point systems, so making sense of the various point security tools is left to enterprise security analysts.
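To make the two failures concrete, here is an added example (mine, not code from the original post or from any product it alludes to) that runs over constructed logs: a document-repository access log and a workstation removable-media log. It flags users whose reads touch compartments they were never cleared for (the ACL failure), finds users whose document count is an outlier against their peers (the monitoring failure), and correlates both with removable-media activity by the same user in the same window (the cross-system correlation the paragraph above says analysts are left to do by hand). Every user, host, document id and log line is constructed for illustration; the need-to-know table, log formats and thresholds are assumptions, not anything the post describes.

```python
"""Added example, not from the original post: correlate two constructed log
sources to surface over-broad access and unusual use of it. All users, hosts,
documents and log lines below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import statistics

# Constructed need-to-know table (assumption): compartments each user may read.
USER_COMPARTMENTS = {
    "jdoe": {"A"}, "asmith": {"B"}, "bjones": {"C"}, "userx": {"C"},
}

# Constructed repository access log: "<ISO timestamp> <user> <action> <document>".
# A document id's middle field is its compartment (doc-A-0001 lives in "A").
ACCESS_LOG = [
    "2010-03-01T09:02:11 jdoe READ doc-A-0001",
    "2010-03-01T09:05:40 jdoe READ doc-A-0002",
    "2010-03-01T09:07:03 asmith READ doc-B-0001",
    "2010-03-01T09:20:15 asmith READ doc-B-0002",
    "2010-03-01T09:21:00 bjones READ doc-C-0001",
]
# userx reads 200 documents across every compartment in under an hour. The
# repository ACL allowed every read, so only the log can reveal it.
ACCESS_LOG += [
    f"2010-03-01T10:{i // 4:02d}:{(i % 4) * 15:02d} userx READ doc-{'ABCD'[i % 4]}-{i:04d}"
    for i in range(200)
]

# Constructed workstation removable-media log: "<ts> <host> <user> <event> <target>".
MEDIA_LOG = [
    "2010-03-01T10:05:30 ws-17 userx MOUNT /dev/sdb1",
    "2010-03-01T10:52:10 ws-17 userx WRITE /media/usb/backup.zip",
    "2010-03-01T14:00:00 ws-03 jdoe MOUNT /dev/sdb1",
]


def parse_access(lines):
    """Parse repository log lines into dicts with a real datetime and compartment."""
    events = []
    for line in lines:
        ts, user, action, doc = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "doc": doc,
                       "compartment": doc.split("-")[1]})
    return events


def parse_media(lines):
    """Parse removable-media log lines into dicts."""
    events = []
    for line in lines:
        ts, host, user, event, target = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "event": event, "target": target})
    return events


def need_to_know_violations(events):
    """Compartments each user touched without being cleared for them.
    Each entry is an ACL failure: the read succeeded when it should have been denied."""
    touched = defaultdict(set)
    for e in events:
        touched[e["user"]].add(e["compartment"])
    result = {}
    for user, comps in touched.items():
        extra = comps - USER_COMPARTMENTS.get(user, set())
        if extra:
            result[user] = sorted(extra)
    return result


def bulk_readers(events, k=3.0):
    """Users whose distinct-document count is an outlier against their peers.
    Median + k*MAD is used instead of mean/stdev so that one huge reader
    cannot drag the baseline up and hide inside it."""
    docs = defaultdict(set)
    for e in events:
        if e["action"] == "READ":
            docs[e["user"]].add(e["doc"])
    counts = {u: len(d) for u, d in docs.items()}
    med = statistics.median(counts.values())
    mad = statistics.median(abs(c - med) for c in counts.values())
    threshold = med + k * max(mad, 1.0)   # floor the MAD so a flat baseline still works
    return {u: c for u, c in counts.items() if c > threshold}


def correlate(access_events, media_events, window=timedelta(hours=2)):
    """Join bulk-read findings with removable-media events by the same user
    inside `window` of the reads. Bulk reading alone is MEDIUM; bulk reading
    plus a write to removable media in the same window is HIGH."""
    findings = []
    violations = need_to_know_violations(access_events)
    for user, count in bulk_readers(access_events).items():
        stamps = [e["ts"] for e in access_events if e["user"] == user]
        first, last = min(stamps), max(stamps)
        media = [m for m in media_events
                 if m["user"] == user and first - window <= m["ts"] <= last + window]
        severity = "HIGH" if any(m["event"] == "WRITE" for m in media) else "MEDIUM"
        findings.append({"user": user, "docs": count,
                         "outside_need_to_know": violations.get(user, []),
                         "media_events": len(media), "severity": severity})
    return findings


if __name__ == "__main__":
    for f in correlate(parse_access(ACCESS_LOG), parse_media(MEDIA_LOG)):
        print(f)
```

Run stand-alone it reports one finding: userx, 200 documents, reads in compartments A, B and D that the need-to-know table never granted, two removable-media events in the window, severity HIGH. The point of the design is that neither log is damning on its own; a repository only sees reads it permitted, and a workstation agent only sees a USB mount. Joining them on the user within a time window is what turns two unremarkable streams into a finding, which is exactly the correlation work the post says is left to analysts.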

So, what if there were another way, one that correlated data from every corner of a network, in every data format, in real time? That'd be a really useful tool, wouldn't it…? 🙂
