Even as WikiLeaks supporters fought back against anti-WikiLeaks companies and tried to keep the momentum going, the federal government ordered new rules to prevent future breaches.
As cables continue to trickle out of WikiLeaks in the second week since the
site began posting, it appears that WikiLeaks and the United
States government have learned some hard
lessons.
"Previously with security breaches, the focus has been on the outside
threat," said Darren Hayes, Computer Information Services Program Chair at
New York's Pace
University. Companies have been worried
about other organizations trying to steal corporate secrets and the government has
been protecting against foreign countries trying to breach U.S.
security and defenses, Hayes said. There hasn't been "enough mention of
internal threats, in the past," he said.
The "WikiLeaks debacle" essentially boils down to an insider data
breach, according to Hayes, as it involves a user with access leaking the data
to someone else. Organizations, both businesses and the federal government, are
reviewing their policies to prevent similar breaches in the future.
As for U.S.
military analyst Army Private Bradley Manning, the one suspected of leaking the
cables to WikiLeaks, "he simply had too much access to sensitive
government information," said Thom VanHorn, vice president of global
marketing at Application Security. If employees "only have access to the
information necessary to do their jobs" and access privileges are properly
assigned, "sensitive information doesn't get into the wrong hands,"
VanHorn said.
The U.S. Office of Management and Budget ordered each agency that handles
classified information to perform a security review of its procedures.
The U.S. Department of Defense will "rethink computer security
procedures and change their policies in a revolutionary way," said Hayes.
At the moment, the changes are fairly straightforward: banning all removable
devices on classified systems. The Defense Department said there will be other
changes as well, such as a network monitoring solution that will identify
anomalous network activity and changes in how data is transferred between
classified and unclassified computers.
For WikiLeaks, the question is no longer about whether it will get shut down
soon, but about money. Instead of a single DNS provider, the site now has a
round-robin setup of at least 14 DNS providers directing traffic to its domain
name, of which it now has several.
Despite losing the wikileaks.org domain name and its Web hosting, enduring
ongoing denial-of-service attacks and getting blacklisted by some countries in
the first week, the site remains up, bolstered by nearly a thousand mirror
sites around the world keeping the content online.
"The harder you hit them, the bigger they get," said James Cowie,
a security researcher with Renesys.
But PayPal, MasterCard and Visa have all suspended accounts, and
Switzerland's PostFinance suspended one of the bank accounts set up for founder
Julian Assange's legal bills. Even if donations don't come
in, the bills are going to mount, and the site needs a legal fund for when
U.S. lawyers come knocking. U.S. Attorney
General Eric Holder has made no secret of his desire to prosecute Assange.
"To the extent that we can find anybody who was involved in the
breaking of American law, who put at risk the assets and the people I have
described, they will be held responsible; they will be held accountable,"
Holder said at a news conference.
The controversy around Assange appears to be too much for some WikiLeaks
staffers, who resigned to launch a rival whistle-blower site, OpenLeaks.
Even though PayPal released all the funds to the foundation that was raising
funds for the site, PayPal said the accounts will remain inaccessible.
Donations are currently limited to Flattr, a Web-based donation
system run by a British-Swedish firm. "We will never stop this as long as
WikiLeaks' operations are legal," Leif Hogberg, a system developer
and co-owner of the small firm, told AFP. He
noted that WikiLeaks is not yet illegal in Great
Britain or Sweden.