Posts RSS
Subscribe via Email
WikiLeaks: Coming to an Agency Near You
Posted December 9th, 2010 by rybolov
Nope, we’re not going to talk about ego trips, hidden agendas, or complete irresponsible transparency. This blog post is about some of the fallout inside the Government security teams.
The powers that be would like to remind you that downloading classified documents off the Intertubez does not make them unclassified. An anonymous source that I talked to last week gave me the info that they were busy tracking their users’ browsing behaviors so that if you (the hypothetical you) went to WikiLeaks and downloaded a classified document, the InfoSec goon squad would show up outside your cubicle to shred your hard drive because you had just been responsible for a classified spillage–ie, your unclassified desktop now has classified material on it and as per procedure the only way to deal with the situation is to overwrite your hard drive and reimage it. I have a couple thoughts about this:
- Where were the InfoSec goons when their users were getting drive-by malware from questionable sites?
- If it’s on TV, it’s not a “secret” anymore.
- Don’t our InfoSec teams have something better they can spend their time doing other than being the WikiLeaks monitor?
And then there’s the Ambulance Chasing Department. According to a different anonymous source, the vendors have descended upon the State Department hawking their security solutions, including this gem of a webinar. Not quite sure what the webinar is on, except that they’re targeting you to sell something.
From: Prism Microsystems
Sent: Wednesday, December 01, 2010 10:01 AM
To: user@state.gov
Subject: Webinar: Prevent “WikiLeaks-type” Data Loss
Webinar: How to Prevent “WikiLeaks-type” Data Loss in Government Networks
Following the most recent publication of classified documents by WikiLeaks, government agencies are reviewing current provisions for protecting classified and top secret data – they are also researching best practices and alternative methods to monitor, prevent, and document data loss.
Attend this webinar to learn:
- how the leaks happened
- telltale signs of a leak
- what you can do to prevent them
Leak picture by jillallyn.
Similar Posts:
Posted in Rants | 
4 Comments »
Tags: government • infosec • pwnage • security
December 9th, 2010 at 9:11 am
And the worst part is that a) this is who “security” has been legislated over the past decade (+?), and b) I’m sure State (and other agencies) will feel compelled to buy from $VENDORS, not because the solutions meet the need, but out of undefined obligation. I bet they can’t even tell you what problem their solving, just that they’re going to “solve the problem” very soon. *sigh*
December 9th, 2010 at 9:51 am
[…] This post was mentioned on Twitter by rybolov and novainfosec, M48813. M48813 said: In case you didn't figure it out on your own, don't download cables at work. thx -> RT @rybolov http://www.guerilla-ciso.com/archives/1947 […]
December 10th, 2010 at 12:02 am
It’s just like transubstantiation. If you eat the cookie at home, it doesn’t do anything. If you eat the cookie at the office, though, it turns into the body of secrets (kind of like your SOPs make sense when you practice them in an imaginary place that has no internet, but when you practice them in real life, they resemble some of the more cuckoo elements of religious dogma).
December 15th, 2010 at 11:32 am
Air Force has blocked their network users from accessing New York Times and other cable news reporters. I’ve heard that agencies have already blocked wikileaks.
DoS has sent threatening email to forgien service students at Columbia threatening retaliation during job applications.
OMB has told agencies AND contractors that they shouldn’ outta and that goes for personal devices as well.
(wonder how they intend to enforce that?)
It goes without saying . . . this is a direct and predictable result of no to ‘need to know’ yes to ‘need to share’.
Damage control has been limited to preventing only those people cleared to see the material from seeing it.