December 9, 2010

The Wikileaks story is a classic disgruntled employee one

The Wikileaks saga, which seems to have a daily twist and which now brings us a whole range of denial of service and legitimacy of hosting stories as well as the core political story, is purely and simply a case of inadequate internal information security, says Gary Flood


For what else is Private First Class Bradley Manning, the man who may or may not have leaked the material, that’s to say possibly 90,000 pages of US Army stuff on the Afghan War, the terrifying video nasty of the helicopter gunship attack on civilians in Iraq, the 260,000 classified diplomatic cables and maybe more, but that horrifying thing – the disgruntled employee with access to stuff that can damage his employer if leaked and who has a grudge to justify himself doing so?

Is Manning a ‘traitor,’ along the lines of an Aldrich Ames, a Robert Hanssen or even a Guy Burgess? These scum betrayed their countries for a mix of monetary or so-called ideological motives; Manning, as we’ll see in a minute, has more complex, perhaps more prosaic, motivations, apparently. I’m less interested in that aspect than in seeing what he did as breaking the policies of his organisation (the US Army) and the trust of his employer (his country), with huge consequences for both.

As anyone who follows these CBR Rolling blogs will know, I write a lot about information security as a topic, generally taking the line that the biggest issue is never the external hacker but the internal threat. Thus, Manning. So his organisation has to take some blame for putting insufficient structure and safeguards in place to stop secrets walking out the door. Though they do; apparently every day, by my recent clippings; and there’s no legislating for human nature, as we know.

In fact, if you look specifically at what he allegedly did do, the parallels with corporate data leaks become clearer and clearer. Manning was an intelligence analyst assigned to a support battalion with the 2nd Brigade Combat Team, 10th Mountain Division at Contingency Operating Station Hammer, in Iraq. He has boasted in an IM that he was the one who’d leaked the "Collateral Murder" video of a helicopter airstrike on July 12, 2007, in Baghdad, and all the rest of the data, and as a result he is facing charges under US military law for, and I quote, "transferring classified data onto his personal computer and adding unauthorised software to a classified computer system," and "communicating, transmitting and delivering national defence information to an unauthorised source".

Why did he do it? He seems to be a very unhappy young man. As a gay man, it seems he wasn’t that happy about not being allowed to tell his comrades he was such under the ‘don’t ask, don’t tell’ policy. We are also told he felt he was being given demeaning jobs, like being made to fetch the coffee in the workplace. Apart from these features of personal discontent, he also has, it seems, some sort of political grievance too, being recorded as expressing disillusionment with American foreign policy, the diplomatic documents he filched detailing, in his view, "almost criminal political back dealings" and that he wanted their release to cause large-scale scandals and lead to "worldwide discussion, debates, and reforms."


Manning’s superior officers – his managers – can’t be blamed for not worrying that much that he wasn’t fitting in. They can be blamed – and should be – for appalling security weakness. The bloke’s a bloody Private, for God’s sake! What kind of a system lets a Pfc access some of the most sensitive secrets of your country? OK, not nuclear, but that clip of civilians being mowed down like zombies in a video game’s done as much damage to US reputation as a battlefield nuke, right?

And I don’t even have to tell you how he got the stuff out – yes, on DVDs and CD-ROMs, without anyone batting an eyelid or checking what he was up to.

Two things are going to happen. Either we start figuring out a way to stop this happening, and the fact that the CIOs of the world’s biggest military force haven’t bothered trying leaves me little basis for confidence. Or two – we accept the fact that we have no secrets and that everything is porous.

Maybe that wouldn’t be such a bad world, on the macro, geopolitical level. But dunno about you, but I don’t want you reading my email, my post or my text messages.

Welcome to the real world: the one where people do what they’ve always done, sell secrets, despite all the ISO27001s you can throw at it.
