Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking

    WikiLeaks, Anonymous Force Change to Federal Government’s Security Approach

    By
    Fahmida Y. Rashid
    -
    December 12, 2010
    Share
    Facebook
    Twitter
    Linkedin

      As cables continue to trickle out of WikiLeaks in the second week since the site began posting, it appears that WikiLeaks and the United States government have learned some hard lessons.

      “Previously with security breaches, the focus has been on the outside threat,” said Darren Hayes, Computer Information Services Program Chair at New York’s Pace University. Companies have been worried about other organizations trying to steal corporate secrets and the government has been protecting against foreign countries trying to breach U.S. security and defenses, Hayes said. There hasn’t been “enough mention of internal threats, in the past,” he said.

      The “WikiLeaks debacle” essentially boils down to an insider data breach, according to Hayes, as it involves a user with access leaking the data to someone else. Organizations – business and the federal government – are reviewing their policies to prevent similar breaches in the future.

      As for U.S. military analyst Army Private Bradley Manning, the one suspected of leaking the cables to WikiLeaks, “he simply had too much access to sensitive government information,” said Thom VanHorn, vice president of global marketing at Application Security. If employees “only have access to the information necessary to do their jobs” and access privileges are properly assigned, “sensitive information doesn’t get into the wrong hands,” VanHorn said.

      The U.S. Office of Management and Budget ordered each agency that handles classified information to perform a security review of its procedures.

      The U.S. Department of Defense will “rethink computer security procedures and change their policies in a revolutionary way,” said Hayes. At the moment, the changes are fairly straightforward: banning all removable devices on classified systems. The Defense Department said there will be other changes as well, such as a network monitoring solution that will identify anomalous network activity and changes in how data is transferred between classified and unclassified computers.

      For WikiLeaks, the question is no longer about whether it will get shut down soon, but about money. Instead of a single DNS provider, the site now has a round-robin setup of at least 14 DNS providers directing traffic to its domain name, of which it now has several.

      Despite losing the wikileaks.org domain name, Web hosting, ongoing denial-of-service attacks and getting blacklisted by some countries in the first week, the site remains up, bolstered by nearly a thousand mirror sites around the world keeping the content online.

      “The harder you hit them, the bigger they get,” said James Cowie, a security researcher with Renesys.

      But PayPal, MasterCard and Visa have all suspended accounts, and Switzerland’s PostFinance suspended one of the bank accounts set up for founder Julian Assange’s legal bills. Even if donations don’t come in, the bills are going to mount, and the site needs a legal fund for when the United States lawyers come knocking. U.S. Attorney General Eric Holder has made no secret of his desire to prosecute Assange.

      “To the extent that we can find anybody who was involved in the breaking of American law, who put at risk the assets and the people I have described, they will be held responsible; they will be held accountable,” Holder said at a news conference.

      The controversy around Assange appears to be too much for some WikiLeaks staffers, as they resigned to launch a rival whistle-blower site OpenLeaks.

      Even though PayPal released all the funds to the foundation that was raising funds for the site, PayPal said the accounts will remain inaccessible. The donations are right now limited to going through Flattr, a Web-based donation system run by a British-Swedish firm. “We will never stop this as long as WikiLeaks’ operations are legal,” said Leif Hogberg, a system developer and co-owner of the small firm, to AFP. He noted that WikiLeaks is not yet illegal in Great Britain or Sweden.

      Censorship Charges Denied

      As the lawyers work out how to prosecute Assange, some government officials are denying charges of censorship or pressuring companies to sever ties with Assange’s operation.

      “We have not pressured anybody to do anything,” Holder said at a news conference in San Francisco when asked if the government had tried to influence companies.

      Shortly after a statement by PayPal’s vice president of platform, Osama Bedier, that the “State Department told us these were illegal activities,” at Paris’ LeWeb conference, both PayPal’s general counsel and the State Department denied the conversation ever took place. Bedier was referencing a letter sent by the State Department to WikiLeaks, not PayPal, according to TechCrunch.

      As for WikiLeaks supporters, there are some lessons learned there as well. An Internet gathering, commonly referred to as “Anonymous,” has launched a series of distributed denial-of-service attacks against WikiLeaks enemies, such as PayPal, PostFinance, Visa, MasterCard and the Swedish Prosecution Authority. Called Operation Payback, Anonymous posted target sites and instructions on how to participate in the DDOS (distributed denial of service) attacks on Twitter. Unlike usual botnets controlling computers belonging to innocent users, there are “no victimized machines” in Operation Payback as “the participants knowingly engage” in the DDOS attack, said Noa Bar Yossef, a senior security strategist at Imperva.

      While the group trumpeted victories about knocking PayPal, Visa and MasterCard offline, the fact remains that they were “brochure sites,” said Jason Hoffman, co-founder and chief scientist at public cloud provider Joyent. The DDOS attacks didn’t disrupt actual payment services but the corporate sites, he said. A “vigilante DDOS attack” of several hundreds of machines can’t do a lot of damage to core services – a “botnet of millions of machines” would be needed, he said.

      Even Anonymous appeared to understand its limitations, posting, “We can not attack Amazon, currently. The previous schedule was to do so, but we don’t have enough forces,” on Twitter.

      Within the Anonymous IRC chat rooms, there was a lot of discussion about whom to target next, but also about halting DOS attacks and focusing on publicizing the contents of the leaked cables. Some participants in the chat rooms seemed aware they were losing the propaganda war and were being painted as criminals out to steal credit card information.

      In a press release, Anonymous said, “Our current goal is to raise awareness about WikiLeaks,” and called itself “Internet Citizens” who are “fed up with minor and major injustices.”

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×