WikiLeaks cable breach highlights insider security threat

On Tuesday, the US State Department cut off a military computer network's access to its database of embassy cables via the US Defense Department's Secret Internet Protocol Router Network (SIPRNet).

SIPRNet is a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s to transmit material up to and including the government's second-highest level of classified information.

The State Department said it is taking steps to correct weaknesses in the system that have become evident because of the information leaks.

After the 2001 9/11 attacks, SIPRNet was expanded to help US agencies share classified information more easily, but these links are believed to have helped the WikiLeaks informant get access to confidential diplomatic messages.

The Defense Department claims to be enhancing its security by implementing two-person handling rules for moving data from classified to unclassified systems and establishing "insider threat" working groups to prevent further leaks.

The Pentagon has announced it is using the same methods as credit card companies to detect suspicious or anomalous behaviour and that 60% of its SIPRNet is now equipped with a host-based security system (HBSS) that can monitor unusual data access or usage. The department also claims to be accelerating HBSS deployment to the rest of its SIPRNet systems.

But the HBSS may not be a cure-all, according to Amit Yoran, former director of the US Computer Emergency Readiness Team (US-CERT).

To prevent authorised insiders from stealing information, many classified networks have historically relied on strong access controls and encryption, but once inside the tough perimeter, systems have been very trusting, he said.

"When you have a trusted insider who is interested in causing harm or inappropriately accessing and divulging information, that sort of architecture with strong perimeters is quite flawed," said Yoran.

Government and business, he believes, need to revamp how they do security in the digital age.

The US has also moved to counter WikiLeaks by putting pressure on Amazon to pull the website from its cloud-based hosting service, according to the Guardian.

WikiLeaks turned to Amazon's cloud-computing services to help fend off distributed denial of service attacks.

Amazon announced it was cutting WikiLeaks off only 24 hours after being asked to end its relationship with the site by the US Senate committee on homeland security.

WikiLeaks said it was disappointed with Amazon, but switched to a host in Sweden.

The removal of WikiLeaks from Amazon's cloud computing servers will also have little effect on the distribution of the files containing the embarrassing diplomatic cables, the Guardian said.

The paper has established that because the file is now being distributed as a BitTorrent download, it can be retrieved by anyone using a BitTorrent client and will remain accessible, and downloadable, even if WikiLeaks is not.

This story was first published by Computer Weekly
