Wikileaks case puts focus on digital security challenges

Jul 26, 2010 by Chris Lefkow
The homepage of the WikiLeaks.org website is seen on a computer after leaked classified military documents were posted. The massive release of secret Pentagon documents by Wikileaks highlights the security challenges of the digital age, when gigabytes of stolen data can be shared in one click, analysts said Monday.

The massive release of secret Pentagon documents by Wikileaks highlights the security challenges of the digital age, when gigabytes of stolen data can be shared in one click, analysts said Monday.

"I think about this in relationship to the Pentagon Papers," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS), of the 1971 leak of Pentagon files about the Vietnam .

"The difference with the Pentagon Papers is that Daniel Ellsberg took a huge sheaf of paper and gave it to a reporter," Lewis told AFP. "Now you can take even more documents and give them to the whole world."

Wikileaks has not identified the source of the classified documents it obtained but suspicion has fallen on Bradley Manning, a US Army intelligence analyst who is currently being held in a military jail in Kuwait.

Manning was arrested in May following the release by Wikileaks of video footage of a US Apache helicopter strike in Iraq in which civilians died and has been charged with delivering defense information to an unauthorized source.

The Pentagon in June said it was probing allegations that Manning supplied classified video and 260,000 secret diplomatic cables to WikiLeaks.

Lewis said the Pentagon, like any organization, is going to have "bad actors" -- insiders who turn against their employer -- "but now it's a lot easier for them to do things like this."

A former Pentagon official said the digital communications revolution, while bringing huge benefits to society overall, also raised security concerns.

"The proliferation of digital media and social software is certainly going to increase the risks of things like this happening," said the official, who declined to be identified because he still plays an active role in national security policy issues.

"Security is always going to be a balance between convenience and security," the former official told AFP. "It's always a tradeoff between functionality and security and the pendulum has swung way to the functionality side."

He cited a controversial Pentagon ban last year on the use of thumb drives by military personnel. "They've now reallowed them but with special thumb drives that are encrypted and tamper proof," he said.

"You've got to rethink how you secure information," said Lewis, who heads the technology and public policy program at the Washington-based CSIS think tank.

"In the paper world, I got a document that had top secret stamped on it and the government trusted that I wouldn't take that piece of paper and share it. Maybe in the paper world that was OK but it's not for the digital," he said.

In the Internet era "we share information by using technology so that everyone can access databases and see documents and they're all stored somewhere," Lewis said.

"But the way we control that access is based on an older model, it's pretty much personal trust," the cybersecurity expert said. "The Pentagon trusts its employees, which is good, but it's not enough."

Lewis said a "more mature system would have said 'Why is somebody downloading thousands of documents?'" and sent out red flags.

"We don't know how it worked in the Wikileaks case, but a big oil company I know, if you were downloading massive amounts of stuff they would turn off your machine," he said. "You ask 'Why is someone storing all this?'"

Don Jackson of SecureWorks said military security clearances, access and "need-to-know" requirements are "based on the analog world, where the worst you had to worry about was information like this being published in a newspaper.

"Something like Wikileaks is not something you had to worry about before the Internet," said Jackson, a security researcher with the counter-threat unit at the information firm.

"The newspaper can't publish 90,000 documents but can do it in a matter of seconds," he said.

The former official said he "deplored" the release of classified information about Afghanistan and Pakistan but said he hoped it would not result in a rollback of the military's tentative embrace of social media.

"It should not be used as justification to try to discourage people from understanding new media and finding out how to use it more effectively," the former official said.

Explore further: Putin signs law seen as crimping social media

add to favorites email to friend print save as pdf

Related Stories

US soldier arrested in WikiLeaks case

Jun 07, 2010

A US soldier in Iraq has been arrested for allegedly leaking classified information to whistleblower website WikiLeaks, including video of a helicopter strike in Baghdad and US diplomatic cables.

Wikileaks releases pager intercepts from 9/11

Nov 25, 2009

Whistleblower website Wikileaks began publishing on Wednesday what it said were hundreds of thousands of pager messages from the day of the September 11, 2001 attacks on New York and Washington.

Spies breach Pentagon fighter-jet project: report

Apr 21, 2009

Computer spies have hacked into the Pentagon's most costly weapons program, a US newspaper reported Tuesday, raising the prospect of adversaries gaining access to top-secret security data.

Pentagon plays down security breach with US drones

Dec 18, 2009

A day after the Pentagon acknowledged that Iraqi militants had used cheap software to intercept US drone feeds, a new report on Friday said senior military officials had dismissed that risk in 2004.

Recommended for you

Google made failed bid for Spotify

6 hours ago

Internet titan Google tried last year to buy streaming music service Spotify but backed off for reasons including a whopping price tag, the Wall Street Journal reported on Tuesday.

Thieves got into 1,000 StubHub accounts

6 hours ago

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said.

Putin signs law seen as crimping social media

18 hours ago

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking ...

User comments : 0