Written by

In all the furor (or possibly storm-in-a-teacup) over the recent WikiLeaks revelations it's interesting, but probably not that surprising, that so much emphasis has been put on the content and far less, at least publicly, on the event itself; by which I mean the actual leak.

Based on the constant stream of talking heads on cable TV, it seems like the actual material leaked really wasn't all that embarrassing and really won't cause a major rift in international relations, the next ice age, or Prince William to call off the big day. But what if it *had* been something of substance?

Yes, I know more secure information has, well, better security, but it's interesting that this much airplay has been given to the results of a breach that must have taken all of a couple of hours to perpetrate. A breach, which, if the suspected hacker himself is to be believed, could have been perpetrated by any teenager with $5 to buy a few RW CD's.

It's not exactly confidence inspiring.

If you've missed commentary on the "attack" (if I can even call it that) then the Guardian in the UK has a good backgrounder

The short version is that the hacker (who did have physical access) simply walked in with a CD marked with the name of some recording artist (he uses the example of "Lady Gaga", which personally I think should have tipped off base security that something was amiss, but then my tastes and his may vary, I suspect). Instead of listening to music, he downloaded massive amounts of (somewhat) sensitive information, and then burned it to the CD. Wash, rinse, repeat, as they say.

That, and of course, no one noticed. Now I have no idea if it's normal for this 22 year-old to have access to gigabytes of diplomatic cables, but would it be normal for him to grab them in that quantity and then burn them to a CD? I'm guessing that might be, what we in the industry call, 'unusual.'  You know that right now there's some poor guy poring over sixty thousand pages of log files muttering "it's got to be in here somewhere, I know it..."

Clearly the government has decided that this sort of thing (the unfettered ability to wander in and out of federal buildings carrying gigabytes of diplomatic documents on a Lady Gaga CD) is a bad idea and is therefore very much in the business of bolting barn doors and wondering who let the horses out.

According to that work is already underway, and it's hard to say that it's not a good idea.  According to the OMB, there will be:

“evaluation of the agency’s configuration of classified government systems to ensure that users do not have broader access than is necessary to do their jobs effectively, as well as implementation of restrictions on usage of, and removable media capabilities from, classified government computer networks”.

Yes, that's probably a good idea.

Personally, I think they should put the TSA on the job. After all, I can't even get on a plane with a decent amount of toothpaste these days. Imagine if that zeal were applied to actual threats to national security?

What’s hot on Infosecurity Magazine?