Monday, June 7, 2010

U.S. Military Intelligence Analyst Arrested for Data Leakage

This Wired article discusses a U.S. Army intelligence analyst being arrested for leaking classified and other sensitive information to Wikileaks.

A quote from the Wired article:
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga’, erase the music then write a compressed split file,” he wrote. “No one suspected a thing and, odds are, they never will.”

“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. “Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis… a perfect storm.”

Manning told Lamo that the Garani video was left accessible in a directory on a U.S. Central Command server, centcom.smil.mil, by officers who investigated the incident. The video, he said, was an encrypted AES-256 ZIP file.

Some thoughts spring to mind:
1) Why did it take so long for him to get caught? Why couldn't the DoD and US Military tell exactly who touched the video that Wikileaks released as "Collateral Murder" in April 2010? A server holding that kind of material should have per-file access records that answer "who read this, and when" in minutes, not weeks.
2) Why weren't there procedures in place to catch rogue IT system administrators and analysts browsing for files they don't need to see? An analyst reading outside the directories his job normally touches, or pulling far more files than any task requires, is exactly the pattern access logs exist to expose, but only if someone is actually looking at them.
3) While it was good that the investigators encrypted and password-protected the Garani video, why wasn't the password on the encrypted AES-256 ZIP file housing it uncrackable? The AES-256 label says nothing about how hard the archive is to open: a cracking tool never attacks the cipher, it derives keys from guessed passwords until one fits, so the password is the whole story. My understanding is that the US government password length and complexity requirements get dramatically better for Top Secret content. I shouldn't be able to drop the ZIP into a copy of Passware and just wait a while for the password to get displayed in front of me.
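As an added example (not code from the original post), here is the kind of audit-log check questions 1 and 2 are asking for: given a file server's per-read access records, answer "who touched this file" and flag users reading in areas they never used before or pulling files in bursts. The log format, users, paths, dates and the baseline cut-off are all constructed for the example.

```python
"""Audit-log checks for who touched a file and who is browsing where they don't belong.

Added example, not code from the original post. Input is a constructed file-server
access log of "timestamp user path" lines; the users, paths and dates are invented.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one record per file read.
ACCESS_LOG = """\
2010-05-01T09:00:00 alice /intel/reports/daily-0501.doc
2010-05-01T09:05:00 alice /intel/reports/daily-0502.doc
2010-05-01T09:20:00 alice /intel/briefs/brief-17.ppt
2010-05-01T10:10:00 bob /logistics/convoys/route-a.xls
2010-05-02T10:00:00 alice /intel/reports/daily-0503.doc
2010-05-02T10:12:00 bob /logistics/convoys/route-b.xls
2010-05-02T11:00:00 bob /logistics/fuel/may.xls
2010-05-03T01:00:00 bob /investigations/case-42/summary.zip
2010-05-03T01:01:00 bob /investigations/case-42/notes.doc
2010-05-03T01:02:00 bob /cables/2010/cable-0001.txt
2010-05-03T01:02:30 bob /cables/2010/cable-0002.txt
2010-05-03T01:03:00 bob /cables/2010/cable-0003.txt
2010-05-03T08:00:00 alice /intel/reports/daily-0504.doc
"""

# Records before this instant define each user's "normal" directories (assumption).
BASELINE_END = datetime(2010, 5, 3)


def parse_log(text):
    """Return [(timestamp, user, path), ...] sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, path = line.split()
        records.append((datetime.fromisoformat(ts), user, path))
    records.sort()
    return records


def top_dir(path):
    """'/intel/reports/x.doc' -> 'intel': the coarse area a user works in."""
    return path.split("/")[1]


def who_touched(records, path_prefix):
    """Question 1: every (timestamp, user) that read anything under path_prefix."""
    return [(ts, user) for ts, user, path in records if path.startswith(path_prefix)]


def build_baseline(records, baseline_end):
    """Per-user set of top-level directories seen before baseline_end."""
    dirs = defaultdict(set)
    for ts, user, path in records:
        if ts < baseline_end:
            dirs[user].add(top_dir(path))
    return dirs


def find_anomalies(records, baseline_end, burst_count=5, burst_window=timedelta(minutes=10)):
    """Question 2: flag reads in a top-level directory the user never used before, and
    bursts of burst_count reads inside burst_window. Returns [(user, kind, detail), ...]."""
    baseline = build_baseline(records, baseline_end)
    recent = defaultdict(deque)          # per-user timestamps inside the sliding window
    findings = []
    for ts, user, path in records:
        if ts < baseline_end:
            continue
        area = top_dir(path)
        if area not in baseline[user]:
            findings.append((user, "new_directory", area))
            baseline[user].add(area)     # report each new area once, not once per file
        window = recent[user]
        window.append(ts)
        while ts - window[0] > burst_window:
            window.popleft()
        if len(window) == burst_count:   # fires when the count reaches the threshold, not on every read above it
            findings.append((user, "burst", f"{burst_count} reads within {burst_window}"))
    return findings


if __name__ == "__main__":
    recs = parse_log(ACCESS_LOG)
    print("touched /investigations/case-42/:", who_touched(recs, "/investigations/case-42/"))
    for finding in find_anomalies(recs, BASELINE_END):
        print(finding)
```

On the constructed log this reports bob entering two areas he had never used and then a burst of reads at one in the morning; alice, who keeps to her usual directories, produces nothing. A real deployment would learn the baseline over weeks rather than two days and key the threshold to the user's role, but the logic is the same.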
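For question 3, an added example (not code from the original post) of why the AES-256 label on a ZIP says nothing about how hard it is to crack. WinZip-style AES entries, the AE-1/AE-2 format most tools write, derive all key material from the password with PBKDF2-HMAC-SHA1 at a fixed 1000 iterations and store a 2-byte password verification value and a 10-byte HMAC-SHA1 authentication code beside a 16-byte salt; a cracker derives keys from candidate passwords, uses the verification value as a cheap filter and confirms with the HMAC, never touching AES at all. The archive fields, salt, password and wordlist below are constructed in memory, and the ciphertext is a placeholder because the attack never needs to decrypt it.

```python
"""Why an 'AES-256 ZIP' falls to password guessing.

Added example, not code from the original post. Models the WinZip AES (AE-2)
key derivation: PBKDF2-HMAC-SHA1, 1000 iterations, yielding the AES key, the
HMAC key and a 2-byte password verification value (PV). Everything here is
constructed in memory; no real archive is read and no AES is performed.
"""
import hashlib
import hmac
import os

ITERATIONS = 1000   # fixed by the WinZip AES specification, not tunable by the user
KEY_LEN = 32        # AES-256
SALT_LEN = 16       # salt length the spec assigns to AES-256
PV_LEN = 2          # password verification value
AUTH_LEN = 10       # authentication code: HMAC-SHA1 truncated to 10 bytes


def derive_keys(password, salt):
    """Return (encryption_key, auth_key, pv) as a ZIP tool derives them."""
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                             ITERATIONS, dklen=2 * KEY_LEN + PV_LEN)
    return dk[:KEY_LEN], dk[KEY_LEN:2 * KEY_LEN], dk[2 * KEY_LEN:]


def make_entry(password, ciphertext, salt=None):
    """Build what an attacker reads from the archive: salt, PV, ciphertext, auth code.
    `ciphertext` stands in for the AES-CTR output; its content is irrelevant here."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    _, auth_key, pv = derive_keys(password, salt)
    auth = hmac.new(auth_key, ciphertext, hashlib.sha1).digest()[:AUTH_LEN]
    return {"salt": salt, "pv": pv, "ciphertext": ciphertext, "auth": auth}


def crack(entry, wordlist):
    """Dictionary attack. Returns (password or None, pv_hits, candidates_tried)."""
    tried = pv_hits = 0
    for candidate in wordlist:
        tried += 1
        _, auth_key, pv = derive_keys(candidate, entry["salt"])
        if pv != entry["pv"]:
            continue            # the 16-bit PV rejects 65535 of 65536 wrong guesses cheaply
        pv_hits += 1            # a PV match is only 1-in-65536 evidence; confirm with the MAC
        mac = hmac.new(auth_key, entry["ciphertext"], hashlib.sha1).digest()[:AUTH_LEN]
        if hmac.compare_digest(mac, entry["auth"]):
            return candidate, pv_hits, tried
    return None, pv_hits, tried


def search_space(alphabet_size, length):
    """Number of passwords of exactly `length` characters over `alphabet_size` symbols.
    Divide by a measured derivations-per-second figure for the worst-case cracking time."""
    return alphabet_size ** length


# Constructed wordlist; "summer2010" is the (assumed) weak password on the entry.
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome1",
            "summer2010", "Summer2010!", "correcthorsebatterystaple"]

if __name__ == "__main__":
    entry = make_entry("summer2010", b"\x00" * 64)
    print(crack(entry, WORDLIST))
    print(search_space(26, 8), search_space(94, 14))
```

The only cost the attacker pays per guess is one PBKDF2 run of 1000 SHA-1 rounds, which is cheap on 2010 hardware and trivially parallel, so the number of guesses the password forces is the entire defence. That is why a length-and-complexity policy matters for the archive password far more than the cipher name does.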

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
