Wikileaks case exposes security vulnerabilities of the digital age

Wikileaks now at the center of an old controversy // Source: thetechjournal.com

The massive release of secret Pentagon documents by Wikileaks highlights the security challenges of the digital age, when gigabytes of stolen data can be shared in one click, analysts said Monday.

“I think about this in relationship to the Pentagon Papers,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS), referring to the 1971 leak of Pentagon files about the Vietnam War. “The difference with the Pentagon Papers is that Daniel Ellsberg took a huge sheaf of paper and gave it to a reporter,” Lewis told AFP. “Now you can take even more documents and give them to the whole world.”

AFP reports that Wikileaks has not identified the source of the classified documents it obtained but suspicion has fallen on Bradley Manning, a U.S. Army intelligence analyst who is currently being held in a military jail in Kuwait.

Manning was arrested in May following the release by Wikileaks of video footage of a U.S. Apache helicopter strike in Iraq in which civilians died and has been charged with delivering defense information to an unauthorized source.

The Pentagon in June said it was probing allegations that Manning supplied classified video and 260,000 secret diplomatic cables to WikiLeaks.

Lewis said the Pentagon, like any organization, is going to have “bad actors” — insiders who turn against their employer — “but now it’s a lot easier for them to do things like this.”

A former Pentagon official said the digital communications revolution, while bringing huge benefits to society overall, also raised security concerns. “The proliferation of digital media and social software is certainly going to increase the risks of things like this happening,” said the official, who declined to be identified because he still plays an active role in national security policy issues.

“Security is always going to be a balance between convenience and security,” the former official told AFP. “It’s always a tradeoff between functionality and security and the pendulum has swung way to the functionality side.”

He cited a controversial Pentagon ban last year on the use of thumb drives by military personnel. “They’ve now re-allowed them but with special thumb drives that are encrypted and tamper proof,” he said.

“You’ve got to rethink how you secure information,” said Lewis, who heads the technology and public policy program at the Washington-based CSIS think tank. “In the paper world, I got a document that had top secret stamped on it and the government trusted that I wouldn’t take that piece of paper and share it. Maybe in the paper world that was OK but it’s not for the digital,” he said.

In the Internet era “we share information by using technology so that everyone can access databases and see documents and they’re all stored somewhere,” Lewis said.

“But the way we control that access is based on an older model, it’s pretty much personal trust,” the cybersecurity expert said. “The Pentagon trusts its employees, which is good, but it’s not enough.”

Lewis said a “more mature system would have said ‘Why is somebody downloading thousands of documents?’” and sent out red flags. “We don’t know how it worked in the Wikileaks case, but a big oil company I know, if you were downloading massive amounts of stuff they would turn off your machine,” he said. “You ask ‘Why is someone storing all this?’”

Don Jackson of SecureWorks said military security clearances, access and “need-to-know” requirements are “based on the analog world, where the worst you had to worry about was information like this being published in a newspaper. “Something like Wikileaks is not something you had to worry about before the Internet,” said Jackson, a security researcher with the counter-threat unit at the information security firm.

“The newspaper can’t publish 90,000 documents but Wikileaks can do it in a matter of seconds,” he said.